Vulnerabilities > Hashicorp > Vault > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-09-22 CVE-2022-40186 Unspecified vulnerability in Hashicorp Vault
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3.
network
low complexity
hashicorp
critical
9.1
2022-07-26 CVE-2022-36129 Missing Authentication for Critical Function vulnerability in Hashicorp Vault
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure.
network
low complexity
hashicorp CWE-306
critical
9.1
2020-12-17 CVE-2020-35192 Missing Authentication for Critical Function vulnerability in Hashicorp Vault
The official vault docker images before 0.11.6 contain a blank password for a root user.
network
low complexity
hashicorp CWE-306
critical
9.8
2020-06-10 CVE-2020-12757 Improper Privilege Management vulnerability in Hashicorp Vault 1.4.0/1.4.1/1.4.2
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting.
network
low complexity
hashicorp CWE-269
critical
9.8
2020-03-23 CVE-2020-10661 Unspecified vulnerability in Hashicorp Vault
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact.
network
low complexity
hashicorp
critical
9.1