CVE-2020-35177 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Information disclosure
Description	HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1368	vault	1.5.5-1	1.5.7-1	Medium	Fixed	FS#69015

References
https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984 https://github.com/hashicorp/vault/pull/10537 https://github.com/hashicorp/vault/commit/5f8c7d2502246063d5846841146c68fa60d9bc68

References

https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984
https://github.com/hashicorp/vault/pull/10537
https://github.com/hashicorp/vault/commit/5f8c7d2502246063d5846841146c68fa60d9bc68