Hashicorp Vault vulnerabilities
72 known vulnerabilities affecting hashicorp/vault.
Total CVEs
72
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL7HIGH29MEDIUM33LOW3
Vulnerabilities
Page 4 of 4
CVE-2020-35177P4MEDIUMCVSS 5.3≥ 1.5.0, < 1.5.6≥ 1.6.0, < 1.6.12020-12-17
CVE-2020-35177 [MEDIUM] CWE-209 CVE-2020-35177: HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP a
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
nvd
CVE-2020-35453P4MEDIUMCVSS 5.3≥ 1.5.0, < 1.5.6≥ 1.6.0, < 1.6.12020-12-17
CVE-2020-35453 [MEDIUM] CVE-2020-35453: HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processe
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
nvd
CVE-2020-10660P4MEDIUMCVSS 5.3≥ 0.9.0, ≤ 1.3.32020-03-23
CVE-2020-10660 [MEDIUM] CWE-276 CVE-2020-10660: HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances,
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.
nvd
CVE-2024-2877P4MEDIUMCVSS 5.5≥ 1.15.0, < 1.15.82024-04-30
CVE-2024-2877 [MEDIUM] CWE-532 CVE-2024-2877: Vault Enterprise, when configured with performance standby nodes and a configured audit device, will
Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext.
This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8.
nvd
CVE-2021-45042P4MEDIUMCVSS 4.9≥ 1.4.0, < 1.7.7≥ 1.8.0, < 1.8.6+1 more2021-12-17
CVE-2021-45042 [MEDIUM] CVE-2021-45042: In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, cl
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
nvd
CVE-2023-3775P4MEDIUMCVSS 4.9≥ 0.11.0, < 1.13.8≥ 1.14.0, < 1.14.42023-09-29
CVE-2023-3775 [MEDIUM] CWE-266 CVE-2023-3775: A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resou
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.
nvd
CVE-2023-25000P4MEDIUMCVSS 4.7fixed in 1.11.9≥ 1.12.0, < 1.12.5+3 more2023-03-30
CVE-2023-25000 [MEDIUM] CWE-208 CVE-2023-25000: HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in
nvd
CVE-2023-3774P4MEDIUMCVSS 4.9v1.12.8v1.13.4+1 more2023-07-28
CVE-2023-3774 [MEDIUM] CWE-248 CVE-2023-3774: An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, po
An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.
nvd
CVE-2025-6011P4LOWCVSS 3.7fixed in 1.16.23fixed in 1.20.1+3 more2025-08-01
CVE-2025-6011 [LOW] CWE-203 CVE-2025-6011: A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an atta
A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
nvd
CVE-2021-38553P4MEDIUMCVSS 4.4≥ 1.4.0, < 1.8.02021-08-13
CVE-2021-38553 [MEDIUM] CWE-281 CVE-2021-38553: HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file ass
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
nvd
CVE-2025-4656P4LOWCVSS 3.1≥ 1.14.8, < 1.16.22≥ 1.14.8, < 1.20.0+3 more2025-06-25
CVE-2025-4656 [LOW] CWE-1088 CVE-2025-4656: Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of servi
Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.
nvd
CVE-2023-2197P4LOWCVSS 2.5≥ 1.13.0, < 1.13.22023-05-01
CVE-2023-2197 [LOW] CWE-326 CVE-2023-2197: HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using a
HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2
nvd
← Previous4 / 4