vault
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | A tool for managing secrets |
| Version | 1.5.4-1 [community] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1368 | 1.5.4-1 | Medium | Vulnerable | FS#69015 |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-35177 | AVG-1368 | Medium | Yes | Information disclosure | HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1. |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1369 | 1.5.4-1 | Medium | Not affected |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-35453 | AVG-1369 | Medium | No | Privilege escalation | HashiCorp Vault Enterprise's Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1. |