CVE-2020-35177 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
Group Package Affected Fixed Severity Status Ticket
AVG-1368 vault 1.5.4-1 Medium Vulnerable FS#69015
References
https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984
https://github.com/hashicorp/vault/pull/10537
https://github.com/hashicorp/vault/commit/5f8c7d2502246063d5846841146c68fa60d9bc68