Vulnerabilities > CVE-2020-25594 - Unspecified vulnerability in Hashicorp Vault

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

NVD

Published: 2021-02-01

Updated: 2022-09-14

Summary

HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.

Part	Description	Count
Application	Hashicorp Hashicorp Vault 0.10.0 Hashicorp Vault 1.0.0 Hashicorp Vault 1.0.1 Hashicorp Vault 1.0.2 Hashicorp Vault 1.0.3 Hashicorp Vault 1.1.0 Hashicorp Vault 1.1.1 Hashicorp Vault 1.1.2 Hashicorp Vault 1.1.3 Hashicorp Vault 1.1.4 Hashicorp Vault 1.1.5 Hashicorp Vault 1.2.0 Hashicorp Vault 1.2.1 Hashicorp Vault 1.2.2 Hashicorp Vault 1.2.3 Hashicorp Vault 1.2.4 Hashicorp Vault 1.2.5 Hashicorp Vault 1.3.0 Hashicorp Vault 1.3.1 Hashicorp Vault 1.3.2 Hashicorp Vault 1.3.3 Hashicorp Vault 1.3.4 Hashicorp Vault 1.3.5 Hashicorp Vault 1.3.6 Hashicorp Vault 1.3.8 Hashicorp Vault 1.4.0 Hashicorp Vault 1.4.1 Hashicorp Vault 1.4.2 Hashicorp Vault 1.4.3 Hashicorp Vault 1.4.4 Hashicorp Vault 1.4.5 Hashicorp Vault 1.4.5.1 Hashicorp Vault 1.4.6 Hashicorp Vault 1.4.7 Hashicorp Vault 1.5.0 Hashicorp Vault 1.5.1 Hashicorp Vault 1.5.2 Hashicorp Vault 1.5.2.1 Hashicorp Vault 1.5.3 Hashicorp Vault 1.5.4 Hashicorp Vault 1.5.5 Hashicorp Vault 1.5.6 Hashicorp Vault 0.9.2 Hashicorp Vault 0.11.0 Hashicorp Vault 1.6.0 Hashicorp Vault 1.6.1	104