Vulnerabilities > Hashicorp > Vault > 1.15.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-10 | CVE-2024-9180 | Unspecified vulnerability in Hashicorp Vault A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. | 7.2 |
| 2024-02-01 | CVE-2024-0831 | Information Exposure Through Log Files vulnerability in Hashicorp Vault Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`. | 6.5 |
| 2023-12-08 | CVE-2023-6337 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. | 7.5 |