vault

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	A tool for managing secrets
Version	1.7.0-1 [community]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1519	1.5.4-1		Medium	Not affected
AVG-1369	1.5.4-1		Medium	Not affected
AVG-1368	1.5.5-1	1.5.7-1	Medium	Fixed	FS#69015

Issue	Group	Severity	Remote	Type	Description
CVE-2021-3282	AVG-1519	Medium	Yes	Authentication bypass	HashiCorp Vault Enterprise 1.6.0 and 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication....
CVE-2021-3024	AVG-1368	Low	Yes	Information disclosure	HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests....
CVE-2020-35453	AVG-1369	Medium	No	Privilege escalation	HashiCorp Vault Enterprise's Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
CVE-2020-35177	AVG-1368	Medium	Yes	Information disclosure	HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
CVE-2020-25594	AVG-1368	Low	Yes	Information disclosure	HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. This is fixed in versions...