
Hashicorp Vault vulnerabilities

72 known vulnerabilities affecting hashicorp/vault.

Total CVEs: 72
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 29, MEDIUM 33, LOW 3

Vulnerabilities

Page 2 of 4
CVE-2023-24999 | P3 | HIGH | CVSS 8.1 | Affected: fixed in 1.10.11; ≥ 1.11.0, < 1.11.8; +1 more | Published: 2023-03-11
[HIGH] CWE-863: HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
Source: nvd
CVE-2025-6203 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 1.15.0, < 1.16.27; ≥ 1.15.0, < 1.21.0; +3 more | Published: 2025-08-28
[HIGH] CWE-770: A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vau
Source: nvd
CVE-2025-12044 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 1.16.25, < 1.16.27; ≥ 1.18.14, ≤ 1.18.15; +3 more | Published: 2025-10-23
[HIGH] CWE-770: Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393) which allowed for processing JSON payloads before a
Source: nvd
CVE-2024-6468 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 1.10.0, < 1.15.12; ≥ 1.16.0, < 1.16.6; +2 more | Published: 2024-07-11
[HIGH] CWE-703: Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to
Source: nvd
CVE-2021-42135 | P3 | HIGH | CVSS 8.1 | Affected: ≥ 1.8.0, ≤ 1.8.4 | Published: 2021-10-11
[HIGH] CWE-269: HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.
Source: nvd
CVE-2024-8185 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 1.2.0, < 1.16.12; ≥ 1.2.0, < 1.18.1; +2 more | Published: 2024-10-31
[HIGH] CWE-636: Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint. An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potent
Source: nvd
CVE-2023-4680 | P3 | MEDIUM | CVSS 6.8 | Affected: ≥ 1.6.0, < 1.12.11; ≥ 1.13.0, < 1.13.7; +3 more | Published: 2023-09-15
[MEDIUM] CWE-323: HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without
Source: nvd
CVE-2024-5798 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 0.11.0, < 1.15.9; ≥ 1.16.0, < 1.16.3; +1 more | Published: 2024-06-12
[HIGH] CWE-287: Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected. This vulnerability, CVE-2024-5798, was fix
Source: nvd
CVE-2021-32923 | P3 | HIGH | CVSS 7.4 | Affected: ≥ 0.10.0, < 1.5.9; ≥ 1.6.0, < 1.6.5; +1 more | Published: 2021-06-03
[HIGH] CWE-613: HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.
Source: nvd
CVE-2020-7220 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 0.11.0, < 1.3.2 | Published: 2020-01-23
[HIGH] CWE-404: HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.
Source: nvd
CVE-2023-6337 | P3 | HIGH | CVSS 7.5 | Affected: ≤ 1.12.0; ≥ 1.13.0, < 1.13.12; +3 more | Published: 2023-12-08
[HIGH] CWE-770: HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash.
Source: nvd
CVE-2025-6014 | P3 | MEDIUM | CVSS 6.5 | Affected: fixed in 1.16.23; fixed in 1.20.1; +3 more | Published: 2025-08-01
[MEDIUM] CWE-156: Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Source: nvd
CVE-2023-5077 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 0.10.0, < 1.13.0 | Published: 2023-09-29
[HIGH] CWE-266: The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
Source: nvd
CVE-2023-5954 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 1.13.7, < 1.13.10; ≥ 1.14.3, < 1.14.6; +9 more | Published: 2023-11-09
[HIGH] CWE-401: HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.
Source: nvd
CVE-2021-29653 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 1.5.1, < 1.5.8; ≥ 1.6.0, < 1.6.4; +1 more | Published: 2021-04-22
[HIGH] CWE-295: HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
Source: nvd
CVE-2018-19786 | P3 | HIGH | CVSS 8.1 | Affected: fixed in 1.0.0 | Published: 2018-12-05
[HIGH] CWE-532: HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being reported.
Source: nvd
CVE-2020-13223 | P3 | HIGH | CVSS 7.5 | Affected: fixed in 1.3.6; ≥ 1.4.0, < 1.4.2 | Published: 2020-06-10
[HIGH] CWE-532: HashiCorp Vault and Vault Enterprise logged proxy environment variables that potentially included sensitive credentials. Fixed in 1.3.6 and 1.4.2.
Source: nvd
CVE-2021-27400 | P3 | HIGH | CVSS 7.5 | Affected: fixed in 1.6.4; ≥ 1.7.0, < 1.7.1 | Published: 2021-04-22
[HIGH] CWE-295: HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1.
Source: nvd
CVE-2022-25244 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 1.7.0, < 1.7.10; ≥ 1.8.0, < 1.8.9; +1 more | Published: 2022-03-10
[MEDIUM]: Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.
Source: nvd
CVE-2024-0831 | P4 | MEDIUM | CVSS 6.5 | Affected: ≥ 1.15.0, < 1.15.5; ≥ 1.15.0, ≤ 1.15.4 | Published: 2024-02-01
[MEDIUM] CWE-532: Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.
Source: nvd