Hashicorp Vault vulnerabilities
72 known vulnerabilities affecting hashicorp/vault.
Total CVEs: 72
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 29, MEDIUM 33, LOW 3
Vulnerabilities
Page 3 of 4
CVE-2024-8365 | P4 | MEDIUM | CVSS 6.5 | CWE-532 | fixed in 1.16.9; fixed in 1.17.5; +2 more | 2024-09-02
Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365,
Source: nvd
CVE-2025-4166 | P4 | MEDIUM | CVSS 6.5 | CWE-209 | ≥ 0.3.0, < 1.16.20; ≥ 0.3.0, < 1.19.3; +3 more | 2025-05-02
Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. This vulnerability, identified as CVE-2025-4166, is fixed in Vault Community 1.19.3 and Vault Enterprise
Source: nvd
CVE-2020-25816 | P4 | MEDIUM | CVSS 6.8 | ≥ 1.0.0, < 1.4.7; ≥ 1.5.0, < 1.5.4 | 2020-09-30
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.
Source: nvd
CVE-2021-43998 | P4 | MEDIUM | CVSS 6.5 | CWE-732 | ≥ 0.11.0, ≤ 1.7.5; v1.8.4 | 2021-11-30
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
Source: nvd
CVE-2025-6037 | P4 | MEDIUM | CVSS 6.8 | CWE-295 | fixed in 1.16.23; fixed in 1.20.1; +3 more | 2025-08-01
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate (https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate). In this configuration, an attacker may be able to craft a malicious certificate that could be used to
Source: nvd
CVE-2023-0620 | P4 | MEDIUM | CVSS 6.7 | CWE-89 | fixed in 1.11.9; ≥ 1.12.0, < 1.12.5; +2 more | 2023-03-30
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these paramete
Source: nvd
CVE-2022-25243 | P4 | MEDIUM | CVSS 6.5 | CWE-295 | ≥ 1.8.0, < 1.8.9; ≥ 1.9.0, < 1.9.4 | 2022-03-10
Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.
Source: nvd
CVE-2023-0665 | P4 | MEDIUM | CVSS 6.5 | CWE-285 | fixed in 1.11.9; ≥ 1.12.0, < 1.12.5; +2 more | 2023-03-30
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
Source: nvd
CVE-2024-2660 | P4 | MEDIUM | CVSS 6.8 | CWE-636 | ≥ 1.14.0, < 1.14.11; ≥ 1.14.0, < 1.16.0; +1 more | 2024-04-04
Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
Source: nvd
CVE-2025-6015 | P4 | MEDIUM | CVSS 5.7 | CWE-307 | ≥ 1.10.0, < 1.16.23; ≥ 1.10.0, < 1.20.1; +3 more | 2025-08-01
Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Source: nvd
CVE-2025-6004 | P4 | MEDIUM | CVSS 5.3 | CWE-307 | ≥ 1.13.0, < 1.16.23; ≥ 1.13.0, < 1.20.1; +3 more | 2025-08-01
Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
Source: nvd
CVE-2021-3024 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.5.7; ≥ 1.6.0, < 1.6.2 | 2021-02-01
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
Source: nvd
CVE-2023-3462 | P4 | MEDIUM | CVSS 5.3 | CWE-203 | ≥ 1.13.0, < 1.13.5; v1.14.0; +1 more | 2023-07-31
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
Source: nvd
CVE-2021-41802 | P4 | MEDIUM | CVSS 5.4 | CWE-732 | fixed in 1.7.5; ≥ 1.8.0, < 1.8.4 | 2021-10-08
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
Source: nvd
CVE-2020-25594 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.5.7; ≥ 1.6.0, < 1.6.2 | 2021-02-01
HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.
Source: nvd
CVE-2022-30689 | P4 | MEDIUM | CVSS 5.3 | ≥ 1.10.0, < 1.10.3 | 2022-05-17
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
Source: nvd
CVE-2021-27668 | P4 | MEDIUM | CVSS 5.3 | CWE-306 | ≥ 0.9.2, < 1.6.3 | 2021-08-31
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.
Source: nvd
CVE-2021-38554 | P4 | MEDIUM | CVSS 5.3 | CWE-212 | fixed in 1.8.0 | 2021-08-13
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.
Source: nvd
CVE-2023-2121 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 1.11.11; ≥ 1.12.0, < 1.12.7; +3 more | 2023-06-09
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
Source: nvd
CVE-2022-41316 | P4 | MEDIUM | CVSS 5.3 | CWE-295 | fixed in 1.9.10; ≥ 1.10.0, < 1.10.7; +1 more | 2022-10-12
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
Source: nvd