cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9180,https://securityvulnerability.io/vulnerability/CVE-2024-9180,"Root Privileges Escalation Vulnerability in Vault","A privilege escalation vulnerability exists within HashiCorp Vault, where a Vault operator possessing write permissions to the root namespace's identity endpoint could potentially escalate their own privileges or those of another user to access Vault's root policy. This could lead to unauthorized access and control over sensitive data managed within Vault. The issue has been addressed in Vault Community Edition version 1.18.0 and Vault Enterprise versions 1.18.0, 1.17.7, 1.16.11, and 1.15.16, suggesting that users should promptly upgrade to these versions to mitigate risks.",Hashicorp,"Vault,Vault Enterprise",7.2,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-10-10T21:15:00.000Z,0
CVE-2024-7594,https://securityvulnerability.io/vulnerability/CVE-2024-7594,Vault SSH secrets engine vulnerability: unauthorized access via SSH certificates,"HashiCorp Vault's SSH secrets engine suffers from a configuration issue where the valid_principals list is not enforced by default. This allows an SSH certificate, requested by an authorized user, to potentially authenticate as any user on the host if the valid_principals and default_user fields are not set appropriately. The implications of this vulnerability can lead to significant security breaches if not addressed, making it crucial for organizations using Vault to ensure correct configuration of their SSH secrets engine.",Hashicorp,"Vault,Vault Enterprise",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-26T19:52:55.652Z,0
CVE-2024-8365,https://securityvulnerability.io/vulnerability/CVE-2024-8365,Vault Leaks AppRole Client Tokens And Accessor in Audit Log,"Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9.",Hashicorp,"Vault,Vault Enterprise",6.5,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-02T05:15:00.000Z,0
CVE-2024-5798,https://securityvulnerability.io/vulnerability/CVE-2024-5798,Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims,"Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected. This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9",Hashicorp,"Vault,Vault Enterprise",2.6,LOW,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-12T19:15:00.000Z,0
CVE-2024-2877,https://securityvulnerability.io/vulnerability/CVE-2024-2877,Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node,"Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.",Hashicorp,Vault Enterprise,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-30T15:15:00.000Z,0
CVE-2024-2660,https://securityvulnerability.io/vulnerability/CVE-2024-2660,OCSP Response Validation Fix for Vault and Vault Enterprise TLS Certificates,"Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.",Hashicorp,"Vault,Vault Enterprise",6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-04T18:15:00.000Z,0
CVE-2024-2048,https://securityvulnerability.io/vulnerability/CVE-2024-2048,Certificate Validation Bypass Vulnerability,"A TLS certificate authentication issue in HashiCorp Vault and Vault Enterprise has been identified, whereby the product does not adequately validate client certificates when a non-CA certificate is configured as trusted. This vulnerability permits an attacker to potentially create a malicious certificate capable of circumventing standard authentication mechanisms. It is crucial for users to apply the patched versions, Vault 1.15.5 and 1.14.10, to mitigate the risks associated with this vulnerability and ensure secure operations.",Hashicorp,"Vault,Vault Enterprise",8.1,HIGH,0.0004299999854993075,false,,true,false,false,,,true,false,,2024-03-04T19:56:47.253Z,3417
CVE-2024-0831,https://securityvulnerability.io/vulnerability/CVE-2024-0831,Vault May Expose Sensitive Information When Configuring An Audit Log Device,"Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.",Hashicorp,"Vault,Vault Enterprise",6.5,MEDIUM,0.0013000000035390258,false,,false,false,false,,,false,false,,2024-02-01T02:15:00.000Z,0
CVE-2023-6337,https://securityvulnerability.io/vulnerability/CVE-2023-6337,Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests,"HashiCorp Vault and Vault Enterprise versions starting from 1.12.0 are susceptible to a denial of service threat. This vulnerability arises when the software processes large HTTP requests, both authenticated and unauthenticated, potentially exhausting the available memory on the host system. As Vault attempts to allocate memory for these requests, it can lead to crashes, impairing service availability. HashiCorp has addressed this vulnerability in versions 1.15.4, 1.14.8, and 1.13.12, making it crucial for users to update promptly.",HashiCorp,"Vault,Vault Enterprise",7.5,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2023-12-08T22:15:00.000Z,0
CVE-2023-5954,https://securityvulnerability.io/vulnerability/CVE-2023-5954,Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption,"A vulnerability in HashiCorp Vault and Vault Enterprise allows inbound client requests that trigger a policy check to lead to unbounded memory consumption. This condition can escalate and result in denial-of-service occurrences, impacting the availability of the service. The vulnerability has been resolved in Vault versions 1.15.2, 1.14.6, and 1.13.10.",HashiCorp,"Vault,Vault Enterprise",7.5,HIGH,0.0008800000068731606,false,,false,false,false,,,false,false,,2023-11-09T21:15:00.000Z,0
CVE-2023-5077,https://securityvulnerability.io/vulnerability/CVE-2023-5077,Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets,"The Google Cloud secrets engine in HashiCorp Vault exhibits a vulnerability where existing IAM Conditions are removed when creating or updating rolesets. This flaw affects the way Vault interacts with Google Cloud IAM, potentially compromising the intended access controls and security configurations. Users are recommended to upgrade to Vault version 1.13.0 or later to mitigate this issue and ensure the preservation of IAM Conditions during roleset management.",Hashicorp,"Vault,Vault Enterprise",7.5,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-09-29T00:15:00.000Z,0
CVE-2023-3775,https://securityvulnerability.io/vulnerability/CVE-2023-3775,Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service,"A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.",Hashicorp,Vault Enterprise,4.9,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-09-29T00:15:00.000Z,0
CVE-2023-4680,https://securityvulnerability.io/vulnerability/CVE-2023-4680,Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption,"HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.",Hashicorp,"Vault,Vault Enterprise",6.8,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2023-09-15T00:15:00.000Z,0
CVE-2023-3462,https://securityvulnerability.io/vulnerability/CVE-2023-3462,Vault's LDAP Auth Method Allows for User Enumeration,HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.,Hashicorp,"Vault,Vault Enterprise",5.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-07-31T23:15:00.000Z,0
CVE-2023-3774,https://securityvulnerability.io/vulnerability/CVE-2023-3774,Vault Enterprise Namespace Creation May Lead to Denial of Service,"An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.",Hashicorp,Vault Enterprise,4.9,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-07-28T01:15:00.000Z,0
CVE-2023-2121,https://securityvulnerability.io/vulnerability/CVE-2023-2121,Vault’s KV Diff Viewer Allowed for HTML Injection,"Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.",HashiCorp,"Vault,Vault Enterprise",5.4,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2023-06-09T17:15:00.000Z,0
CVE-2023-2197,https://securityvulnerability.io/vulnerability/CVE-2023-2197,Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM,HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2,Hashicorp,Vault Enterprise,2.5,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-05-01T20:15:00.000Z,0
CVE-2023-0665,https://securityvulnerability.io/vulnerability/CVE-2023-0665,Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata,"HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.",Hashicorp,"Vault,Vault Enterprise",6.5,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-03-30T01:15:00.000Z,0
CVE-2023-25000,https://securityvulnerability.io/vulnerability/CVE-2023-25000,Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations,"HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.",Hashicorp,"Vault,Vault Enterprise",5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-03-30T01:15:00.000Z,0
CVE-2023-0620,https://securityvulnerability.io/vulnerability/CVE-2023-0620,Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend,"HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.",Hashicorp,"Vault,Vault Enterprise",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-03-30T01:15:00.000Z,0
CVE-2023-24999,https://securityvulnerability.io/vulnerability/CVE-2023-24999,Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation,"A security issue in HashiCorp Vault's approle authorization method allows any authenticated user with the ability to access the approle destroy endpoint to eliminate the secret ID of any other role. This is accomplished by passing the secret ID accessor, leading to potential unauthorized access and manipulation of sensitive credentials. It is crucial for users of affected Vault versions to upgrade to the patched releases to mitigate this risk.",HashiCorp,"Vault,Vault Enterprise",8.1,HIGH,0.0012000000569969416,false,,false,false,false,,,false,false,,2023-03-11T00:15:00.000Z,0