Page 6 of 28 results (0.006 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2. HashiCorp Vault y Vault Enterprise versión 1.4.0 y versión 1.4.1, cuando se configuran con el Motor de Secretos GCP, pueden generar incorrectamente Credenciales GCP con la duración de alquiler predeterminada en lugar de la configuración del motor. Esto puede llevar a que las credenciales de BPC generadas sean válidas durante más tiempo del previsto. • https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 https://www.hashicorp.com/blog/category/vault • CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2. HashiCorp Vault y Vault Enterprise registraron variables de entorno proxy que incluían potencialmente credenciales sensibles. Fijado en las versiones 1.3.6 y 1.4.2 • https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020 https://www.hashicorp.com/blog/category/vault • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0

TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request. Vulnerabilidad en TIBCO Managed File Transfer Internet Server en versiones anteriores a 7.2.5, Managed File Transfer Command Center en versiones anteriores a 7.2.5, Slingshot en versiones anteriores a 1.9.4 y Vault en versiones anteriores a 2.0.1, permite a usuarios remotos autenticados obtener información sensible a través de una petición HTTP manipulada. • http://www.securitytracker.com/id/1033678 http://www.tibco.com/assets/blt423f06fbac6ee0c6/2015-003-advisory.txt http://www.tibco.com/mk/advisory.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •