Github.Com Hashicorp Vault vulnerabilities

CVE-2023-25000 [MEDIUM] CWE-203 HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the

CVE-2023-0620 [MEDIUM] CWE-89 HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File HashiCorp Vault and Vault Enterprise versions 0.8.0 until 1.13.1 are vulnerable to an SQL injection attack when using the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin, certain parameters are required to establish a c

CVE-2023-0665 [MEDIUM] CWE-285 HashiCorp Vault's PKI mount vulnerable to denial of service HashiCorp Vault's PKI mount vulnerable to denial of service HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

CVE-2022-40186 [CRITICAL] CWE-639 HashiCorp Vault vulnerable to incorrect metadata access HashiCorp Vault vulnerable to incorrect metadata access An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow

CVE-2020-25816 [CRITICAL] CWE-613 Token leases could outlive their TTL in HashiCorp Vault Token leases could outlive their TTL in HashiCorp Vault HashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect Access Control.

CVE-2022-30689 [MEDIUM] HashiCorp Vault improper configuration of multi factor authentication HashiCorp Vault improper configuration of multi factor authentication HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.

CVE-2021-43998 [CRITICAL] CWE-732 HashiCorp Vault Incorrect Permission Assignment for Critical Resource HashiCorp Vault Incorrect Permission Assignment for Critical Resource HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, an

CVE-2021-42135 [HIGH] CWE-266 Incorrect Privilege Assignment in HashiCorp Vault Incorrect Privilege Assignment in HashiCorp Vault HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.

CVE-2021-41802 [LOW] CWE-269 Hashicorp Vault Privilege Escalation Vulnerability Hashicorp Vault Privilege Escalation Vulnerability HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.

CVE-2021-38553 [CRITICAL] CWE-281 HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

CVE-2021-38554 [MEDIUM] CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.

CVE-2020-16250 [HIGH] CWE-290 Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..

CVE-2020-7220 [HIGH] CWE-404 Improper Resource Shutdown or Release in HashiCorp Vault Improper Resource Shutdown or Release in HashiCorp Vault HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.

CVE-2021-32923 [HIGH] CWE-613 Invalid session token expiration Invalid session token expiration HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.

CVE-2020-13223 [HIGH] CWE-200 Information Disclosure in HashiCorp Vault Information Disclosure in HashiCorp Vault HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 before 1.4.2, insert Sensitive Information into a Log File. The vulnerability is affecting `github.com/hashicorp/vault/command` Go package.