AVG-1368 log
| Package | vault |
| Status | Fixed |
| Severity | Medium |
| Type | information disclosure |
| Affected | 1.5.5-1 |
| Fixed | 1.5.7-1 |
| Current | 1.11.2-1 [community] |
| Ticket | FS#69015 |
| Created | Thu Dec 17 14:48:44 2020 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-3024 | Low | Yes | Information disclosure | HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests.... |
| CVE-2020-35177 | Medium | Yes | Information disclosure | HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1. |
| CVE-2020-25594 | Low | Yes | Information disclosure | HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. This is fixed in versions... |