AVG-1368 log

Package vault
Status Fixed
Severity Medium
Type information disclosure
Affected 1.5.5-1
Fixed 1.5.7-1
Current 1.11.2-1 [community]
Ticket FS#69015
Created Thu Dec 17 14:48:44 2020
Issue Severity Remote Type Description
CVE-2021-3024 Low Yes Information disclosure
HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests....
CVE-2020-35177 Medium Yes Information disclosure
HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
CVE-2020-25594 Low Yes Information disclosure
HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. This is fixed in versions...