CVEDB API - Fast Vulnerability Dashboard

Vulnerabilities

Vulnerable Software

Hashicorp: >> Vault >> 1.5.5 Security Vulnerabilities

CVE-2020-25594

HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.

CVSS Score

5.3

EPSS Score

0.004

Published

2021-02-01

CVE-2020-35177

HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.

CVSS Score

5.3

EPSS Score

0.004

Published

2020-12-17

CVE-2020-35453

HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.

CVSS Score

5.3

EPSS Score

0.003

Published

2020-12-17

Prev

Page 3

Products

Pricing

Contact Us

support@shodan.io

Shodan ® - All rights reserved