Vulnerabilities > Hashicorp > Vault > 1.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-01 | CVE-2021-3024 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. | 5.0 |
| 2021-02-01 | CVE-2020-25594 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. | 5.0 |
| 2020-12-17 | CVE-2020-35453 | Improper Input Validation vulnerability in Hashicorp Vault HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. | 5.0 |
| 2020-12-17 | CVE-2020-35177 | Information Exposure vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. | 5.0 |