CVE-2020-25594 - log back

CVE-2020-25594 edited at 11 Feb 2021 13:02:10
References
https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336
https://github.com/hashicorp/vault/pull/10650
- https://github.com/hashicorp/vault/commit/131123918ae8e6ca1ffba4dd7ed32b04c2068dd3
+ https://github.com/hashicorp/vault/commit/77eccdcd113a70b0768917533e5e114a8ddd7cca
CVE-2020-25594 edited at 01 Feb 2021 18:19:48
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. This is fixed in versions 1.6.2 and 1.5.7.
References
+ https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336
+ https://github.com/hashicorp/vault/pull/10650
+ https://github.com/hashicorp/vault/commit/131123918ae8e6ca1ffba4dd7ed32b04c2068dd3
CVE-2020-25594 created at 01 Feb 2021 18:14:35
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes