Vulnerabilities > Hashicorp > Vault > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-01 | CVE-2021-3024 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. | 5.3 |
| 2021-02-01 | CVE-2020-25594 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. | 5.3 |
| 2020-12-17 | CVE-2020-35453 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. | 5.3 |
| 2020-12-17 | CVE-2020-35177 | Information Exposure Through an Error Message vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. | 5.3 |
| 2020-09-30 | CVE-2020-25816 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. | 6.8 |
| 2020-03-23 | CVE-2020-10660 | Incorrect Default Permissions vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. | 5.3 |