Vulnerabilities > Hashicorp > Vault > 1.13.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-10 | CVE-2024-9180 | Unspecified vulnerability in Hashicorp Vault A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. | 7.2 |
| 2024-09-02 | CVE-2024-8365 | Information Exposure Through Log Files vulnerability in Hashicorp Vault Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. | 6.5 |
| 2023-12-08 | CVE-2023-6337 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. | 7.5 |
| 2023-11-09 | CVE-2023-5954 | Memory Leak vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. | 7.5 |
| 2023-09-29 | CVE-2023-3775 | Unspecified vulnerability in Hashicorp Vault A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. | 4.9 |