| Severity | CVSS | Advisory | Affected versions |
| --- | --- | --- | --- |
| CRITICAL | 9.8 | CVE-2020-35192: The official vault docker images before 0.11.6 contain a blank password for a root user. | >= 0.6.0, < 0.11.6 |
| CRITICAL | 9.8 | CVE-2020-25816: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault | >= 1.0.0, < 1.4.7, >= 1.5.0, < 1.5.4 |
| CRITICAL | 9.8 | HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 in github.com/hashicorp/vault | >= 1.4.0, < 1.8.0 |
| CRITICAL | 9.8 | Improper Input Validation in HashiCorp Vault in github.com/hashicorp/vault-plugin-secrets-gcp | >= 1.4.0, < 1.4.2 |
| CRITICAL | 9.1 | Arbitrary Remote Code Execution via Plugin Catalog Abuse | >= 0.8.0, < 1.20.1 |
| CRITICAL | 9.1 | HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint… | >= 1.7.0, < 1.9.8, >= 1.10.0, < 1.10.5, >= 1.11.0, < 1.11.1 |
| CRITICAL | 9.1 | HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault | >= 0.11.0, < 1.3.4 |
| CRITICAL | 9.1 | HashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault | >= 1.8.0, < 1.9.9, >= 1.10.0, < 1.10.6, >= 1.11.0, < 1.11.3 |
| CRITICAL | 9.1 | HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault | >= 0.11.0, < 1.7.6, >= 1.8.4, < 1.8.5 |
| HIGH | 8.2 | HashiCorp Vault Authentication bypass in github.com/hashicorp/vault | >= 0.8.3, < 1.2.5, >= 1.3.0, < 1.3.8, >= 1.4.0, < 1.4.4, >= 1.5.0, < 1.5.1 |
| HIGH | 8.2 | Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault | >= 0.7.1, < 1.2.5, >= 1.3.0, < 1.3.8, >= 1.4.0, < 1.4.4, >= 1.5.0, < 1.5.1 |
| HIGH | 8.1 | Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service | >= 0.10.0, < 2.0.0 |
| HIGH | 8.1 | Vault AWS auth method bypass due to AWS client cache | >= 0.6.0, < 1.21.0 |
| HIGH | 8.1 | Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates | >= 1.15.5, < 1.16.0 |
| HIGH | 8.1 | Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation | from 0, < 1.10.11, >= 1.11.0, < 1.11.8, >= 1.12.0, < 1.12.4 |
| HIGH | 8.1 | Incorrect Privilege Assignment in HashiCorp Vault in github.com/hashicorp/vault | >= 1.8.0, < 1.8.5 |
| HIGH | 7.6 | Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets | >= 0.10.0, < 1.13.0 |
| HIGH | 7.5 | Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations | >= 0.10.0, < 2.0.0 |
| HIGH | 7.5 | Vault Token Leaked to Backends via Authorization: Bearer Passthrough Header | >= 0.10.0, < 2.0.0 |
| HIGH | 7.5 | Vault Vulnerable to Denial of Service Due to Rate Limit Regression | >= 0.6.0, < 1.16.27, >= 1.17.0, < 1.19.11, >= 1.20.0, < 1.21.0 |
| HIGH | 7.5 | Vault unauthenticated denial of service through complex json payload | >= 1.15.0, < 1.20.3 |
| HIGH | 7.5 | Vault Vulnerable to Denial of Service When Processing Raft Join Requests | >= 1.2.0, < 1.18.1 |
| HIGH | 7.5 | Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default | >= 1.7.7, < 1.17.6 |
| HIGH | 7.5 | Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior | >= 1.10.0, < 1.16.3, >= 1.17.0, < 1.17.2 |
| HIGH | 7.5 | HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certi… | from 0, < 1.6.4, >= 1.7.0, < 1.7.1 |
| HIGH | 7.5 | HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the… | >= 1.5.1, < 1.5.8, >= 1.6.0, < 1.6.4, >= 1.7.0, < 1.7.1 |
| HIGH | 7.5 | Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault | >= 1.6.0, < 1.6.1, >= 1.6.1, < 1.6.2 |
| HIGH | 7.5 | Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests | >= 1.13.0, < 1.13.12, >= 1.14.0, < 1.14.8, >= 1.15.0, < 1.15.4 |
| HIGH | 7.5 | Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption | >= 1.13.7, < 1.13.10, >= 1.14.3, < 1.14.6, >= 1.15.0, < 1.15.2 |
| HIGH | 7.5 | Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault | >= 0.11.0, < 1.3.2 |
| HIGH | 7.5 | Information Disclosure in HashiCorp Vault in github.com/hashicorp/vault | from 0, < 1.3.6, >= 1.4.0, < 1.4.2 |
| HIGH | 7.4 | Invalid session token expiration in github.com/hashicorp/vault | >= 0.10.0, < 1.5.9, >= 1.6.0, < 1.6.5, >= 1.7.0, < 1.7.2 |
| HIGH | 7.2 | Vault Root Namespace Operator May Elevate Token Privileges | >= 0.10.4, < 1.20.0 |
| HIGH | 7.2 | Vault Operators in Root Namespace May Elevate Their Privileges | >= 1.7.7, < 1.18.0 |
| MEDIUM | 6.8 | Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates | from 0, < 1.20.1 |
| MEDIUM | 6.8 | Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption | >= 1.6.0, < 1.12.11, >= 1.13.0, < 1.13.7, >= 1.14.0, < 1.14.3 |
| MEDIUM | 6.7 | Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend | from 0, < 1.11.9, >= 1.12.0, < 1.12.5, >= 1.13.0, < 1.13.1 |
| MEDIUM | 6.6 | Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login | >= 0.10.0, < 1.19.1 |
| MEDIUM | 6.5 | Vault LDAP MFA Enforcement Bypass When Using Username As Alias | >= 1.10.0, < 1.20.2 |
| MEDIUM | 6.5 | Vault TOTP Secrets Engine Code Reuse | from 0, < 1.20.1 |
| MEDIUM | 6.5 | Vault Leaks AppRole Client Tokens And Accessor in Audit Log | >= 1.16.7, < 1.16.9, >= 1.17.3, < 1.17.5 |
| MEDIUM | 6.5 | Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard ce… | >= 1.8.0, < 1.8.9, >= 1.9.0, < 1.9.4 |
| MEDIUM | 6.5 | Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configurati… | >= 1.7.0, < 1.7.10, >= 1.8.0, < 1.8.9, >= 1.9.0, < 1.9.4 |
| MEDIUM | 6.5 | Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault | >= 1.5.0, < 1.5.6, >= 1.6.0, < 1.6.1 |
| MEDIUM | 6.5 | Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata | from 0, < 1.11.9, >= 1.12.0, < 1.12.5, >= 1.13.0, < 1.13.1 |
| MEDIUM | 6.4 | Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses | >= 1.14.0, < 1.16.0 |
| MEDIUM | 5.7 | Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse | >= 1.10.0, < 1.20.1 |
| MEDIUM | 5.5 | Vault Enterprise Leaks Sensitive HTTP Request Headers in the Audit Log When Deployed With a Performance Standby Node | >= 1.15.0, < 1.15.8 |
| MEDIUM | 5.3 | Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS | >= 0.10.0, < 2.0.0 |
| MEDIUM | 5.3 | Vault Userpass and LDAP User Lockout Bypass | >= 1.13.0, < 1.20.1 |
| MEDIUM | 5.3 | HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. | from 0, < 1.5.7, >= 1.6.0, < 1.6.2 |
| MEDIUM | 5.3 | HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. | >= 1.5.0, < 1.5.6, >= 1.6.0, < 1.6.1 |
| MEDIUM | 5.3 | HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. | >= 0.9.2, < 1.6.3 |
| MEDIUM | 5.3 | HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated H… | from 0, < 1.5.7, >= 1.6.0, < 1.6.2 |
| MEDIUM | 5.3 | HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault | >= 0.9.0, < 1.3.4 |
| MEDIUM | 5.3 | Vault's LDAP Auth Method Allows for User Enumeration | >= 1.13.0, < 1.13.5, >= 1.14.0, < 1.14.1 |
| MEDIUM | 5.3 | HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault | from 0, < 1.9.10, >= 1.10.0, < 1.10.7, >= 1.11.0, < 1.11.4 |
| MEDIUM | 5.3 | HashiCorp Vault improper configuration of multi factor authentication in github.com/hashicorp/vault | >= 1.10.0, < 1.10.3 |
| MEDIUM | 5.3 | Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault | from 0, < 1.8.0 |
| MEDIUM | 4.9 | In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage bac… | >= 1.4.0, < 1.7.7, >= 1.8.0, < 1.8.6, >= 1.9.0, < 1.9.1 |
| MEDIUM | 4.9 | Vault Enterprise Namespace Creation May Lead to Denial of Service | >= 1.12.8, < 1.12.9, >= 1.13.4, < 1.13.5, >= 1.14.0, < 1.14.1 |
| MEDIUM | 4.9 | Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service | >= 0.11.0, < 1.13.8, >= 1.14.0, < 1.14.4 |
| MEDIUM | 4.7 | Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations | from 0, < 1.11.9, >= 1.12.0, < 1.12.5, >= 1.13.0, < 1.13.1 |
| MEDIUM | 4.5 | Vault May Include Sensitive Data in Error Logs When Using the KV v2 Plugin | >= 0.3.0, < 1.19.3 |
| MEDIUM | 4.5 | Vault May Expose Sensitive Information When Configuring An Audit Log Device | >= 1.15.0, < 1.15.5 |
| MEDIUM | 4.3 | Vault’s KV Diff Viewer Allowed for HTML Injection | from 0, < 1.11.11, >= 1.12.0, < 1.12.7, >= 1.13.0, < 1.13.3 |
| LOW | 3.7 | Timing Side-Channel in Vault’s Userpass Auth Method | from 0, < 1.20.1 |
| LOW | 3.1 | Vault Vulnerable to Recovery Key Cancellation Denial of Service | >= 1.14.8, < 1.20.0 |
| LOW | 2.9 | Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault | from 0, < 1.7.5, >= 1.8.0, < 1.8.4 |
| LOW | 2.6 | Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims | >= 0.11.0, < 1.16.2 |
| LOW | 2.5 | Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM | >= 1.13.0, < 1.13.2 |