CVE-2020-35453
https://notcve.org/view.php?id=CVE-2020-35453
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1. La funcionalidad de la política Sentinel EGP de HashiCorp Vault Enterprise, permitía incorrectamente peticiones a ser procesadas en los espacios de nombres de parent y sibling. Corregido en versiones 1.5.6 y 1.6.1 • https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983 https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161 •
CVE-2020-35177
https://notcve.org/view.php?id=CVE-2020-35177
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1. HashiCorp Vault y Vault Enterprise 1.4.1 y más recientes permitieron la enumeración de usuarios por medio del método de autenticación LDAP. Corregido en versiones 1.5.6 y 1.6.1 • https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984 https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2015-5711
https://notcve.org/view.php?id=CVE-2015-5711
TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request. Vulnerabilidad en TIBCO Managed File Transfer Internet Server en versiones anteriores a 7.2.5, Managed File Transfer Command Center en versiones anteriores a 7.2.5, Slingshot en versiones anteriores a 1.9.4 y Vault en versiones anteriores a 2.0.1, permite a usuarios remotos autenticados obtener información sensible a través de una petición HTTP manipulada. • http://www.securitytracker.com/id/1033678 http://www.tibco.com/assets/blt423f06fbac6ee0c6/2015-003-advisory.txt http://www.tibco.com/mk/advisory.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •