vault

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A tool for managing secrets
Version 1.5.4-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-1368 1.5.4-1 Medium Vulnerable FS#69015
Issue Group Severity Remote Type Description
CVE-2020-35177 AVG-1368 Medium Yes Information disclosure
HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1369 1.5.4-1 Medium Not affected
Issue Group Severity Remote Type Description
CVE-2020-35453 AVG-1369 Medium No Privilege escalation
HashiCorp Vault Enterprise's Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.