Vulnerabilities > Hashicorp > Vault
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-22 | CVE-2021-29653 | Improper Certificate Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. | 7.5 |
| 2021-04-22 | CVE-2021-27400 | Improper Certificate Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. | 7.5 |
| 2021-02-01 | CVE-2021-3282 | Improper Authentication vulnerability in Hashicorp Vault 1.6.0/1.6.1 HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. | 7.5 |
| 2021-02-01 | CVE-2021-3024 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. | 5.3 |
| 2021-02-01 | CVE-2020-25594 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. | 5.3 |
| 2020-12-17 | CVE-2020-35453 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. | 5.3 |
| 2020-12-17 | CVE-2020-35177 | Information Exposure Through an Error Message vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. | 5.3 |
| 2020-12-17 | CVE-2020-35192 | Missing Authentication for Critical Function vulnerability in Hashicorp Vault The official vault docker images before 0.11.6 contain a blank password for a root user. | 9.8 |
| 2020-09-30 | CVE-2020-25816 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. | 6.8 |
| 2020-08-26 | CVE-2020-16251 | Improper Authentication vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. | 8.2 |