CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25594

HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.3%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

Products affected by CVE-2020-25594

Hashicorp » Vault » Version: 0.10.0

cpe:2.3:a:hashicorp:vault:0.10.0
Hashicorp » Vault » Version: 0.11.0

cpe:2.3:a:hashicorp:vault:0.11.0
Hashicorp » Vault » Version: 0.9.2

cpe:2.3:a:hashicorp:vault:0.9.2
Hashicorp » Vault » Version: 1.0.0

cpe:2.3:a:hashicorp:vault:1.0.0
Hashicorp » Vault » Version: 1.0.1

cpe:2.3:a:hashicorp:vault:1.0.1
Hashicorp » Vault » Version: 1.0.2

cpe:2.3:a:hashicorp:vault:1.0.2
Hashicorp » Vault » Version: 1.0.3

cpe:2.3:a:hashicorp:vault:1.0.3
Hashicorp » Vault » Version: 1.1.0

cpe:2.3:a:hashicorp:vault:1.1.0
Hashicorp » Vault » Version: 1.1.1

cpe:2.3:a:hashicorp:vault:1.1.1
Hashicorp » Vault » Version: 1.1.2

cpe:2.3:a:hashicorp:vault:1.1.2
Hashicorp » Vault » Version: 1.1.3

cpe:2.3:a:hashicorp:vault:1.1.3
Hashicorp » Vault » Version: 1.1.4

cpe:2.3:a:hashicorp:vault:1.1.4
Hashicorp » Vault » Version: 1.1.5

cpe:2.3:a:hashicorp:vault:1.1.5
Hashicorp » Vault » Version: 1.2.0

cpe:2.3:a:hashicorp:vault:1.2.0
Hashicorp » Vault » Version: 1.2.1

cpe:2.3:a:hashicorp:vault:1.2.1
Hashicorp » Vault » Version: 1.2.2

cpe:2.3:a:hashicorp:vault:1.2.2
Hashicorp » Vault » Version: 1.2.3

cpe:2.3:a:hashicorp:vault:1.2.3
Hashicorp » Vault » Version: 1.2.4

cpe:2.3:a:hashicorp:vault:1.2.4
Hashicorp » Vault » Version: 1.2.5

cpe:2.3:a:hashicorp:vault:1.2.5
Hashicorp » Vault » Version: 1.3.0

cpe:2.3:a:hashicorp:vault:1.3.0
Hashicorp » Vault » Version: 1.3.1

cpe:2.3:a:hashicorp:vault:1.3.1
Hashicorp » Vault » Version: 1.3.2

cpe:2.3:a:hashicorp:vault:1.3.2
Hashicorp » Vault » Version: 1.3.3

cpe:2.3:a:hashicorp:vault:1.3.3
Hashicorp » Vault » Version: 1.3.4

cpe:2.3:a:hashicorp:vault:1.3.4
Hashicorp » Vault » Version: 1.3.5

cpe:2.3:a:hashicorp:vault:1.3.5
Hashicorp » Vault » Version: 1.3.6

cpe:2.3:a:hashicorp:vault:1.3.6
Hashicorp » Vault » Version: 1.3.8

cpe:2.3:a:hashicorp:vault:1.3.8
Hashicorp » Vault » Version: 1.4.0

cpe:2.3:a:hashicorp:vault:1.4.0
Hashicorp » Vault » Version: 1.4.1

cpe:2.3:a:hashicorp:vault:1.4.1
Hashicorp » Vault » Version: 1.4.2

cpe:2.3:a:hashicorp:vault:1.4.2
Hashicorp » Vault » Version: 1.4.3

cpe:2.3:a:hashicorp:vault:1.4.3
Hashicorp » Vault » Version: 1.4.4

cpe:2.3:a:hashicorp:vault:1.4.4
Hashicorp » Vault » Version: 1.4.5

cpe:2.3:a:hashicorp:vault:1.4.5
Hashicorp » Vault » Version: 1.4.5.1

cpe:2.3:a:hashicorp:vault:1.4.5.1
Hashicorp » Vault » Version: 1.4.6

cpe:2.3:a:hashicorp:vault:1.4.6
Hashicorp » Vault » Version: 1.4.7

cpe:2.3:a:hashicorp:vault:1.4.7
Hashicorp » Vault » Version: 1.5.0

cpe:2.3:a:hashicorp:vault:1.5.0
Hashicorp » Vault » Version: 1.5.1

cpe:2.3:a:hashicorp:vault:1.5.1
Hashicorp » Vault » Version: 1.5.2

cpe:2.3:a:hashicorp:vault:1.5.2
Hashicorp » Vault » Version: 1.5.2.1

cpe:2.3:a:hashicorp:vault:1.5.2.1
Hashicorp » Vault » Version: 1.5.3

cpe:2.3:a:hashicorp:vault:1.5.3
Hashicorp » Vault » Version: 1.5.4

cpe:2.3:a:hashicorp:vault:1.5.4
Hashicorp » Vault » Version: 1.5.5

cpe:2.3:a:hashicorp:vault:1.5.5
Hashicorp » Vault » Version: 1.5.6

cpe:2.3:a:hashicorp:vault:1.5.6
Hashicorp » Vault » Version: 1.6.0

cpe:2.3:a:hashicorp:vault:1.6.0
Hashicorp » Vault » Version: 1.6.1

cpe:2.3:a:hashicorp:vault:1.6.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25594

Products

Pricing

Contact Us