Vulnerabilities > Hashicorp > Vault > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-22 | CVE-2021-27400 | Improper Certificate Validation vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. | 5.0 |
| 2021-02-01 | CVE-2021-3024 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. | 5.0 |
| 2021-02-01 | CVE-2020-25594 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. | 5.0 |
| 2020-12-17 | CVE-2020-35453 | Improper Input Validation vulnerability in Hashicorp Vault HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. | 5.0 |
| 2020-12-17 | CVE-2020-35177 | Information Exposure vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. | 5.0 |
| 2020-09-30 | CVE-2020-25816 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. network hashicorp | 4.9 |
| 2020-06-10 | CVE-2020-13223 | Information Exposure Through Log Files vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. | 5.0 |
| 2020-03-23 | CVE-2020-10661 | Unspecified vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. network hashicorp | 5.8 |
| 2020-03-23 | CVE-2020-10660 | Incorrect Default Permissions vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. | 4.3 |
| 2020-01-23 | CVE-2020-7220 | Information Exposure vulnerability in Hashicorp Vault HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. | 4.3 |