vault
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | A tool for managing secrets |
Version | 1.5.4-1 [community] |
Open
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1368 | 1.5.4-1 | Medium | Vulnerable | FS#69015 |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2020-35177 | AVG-1368 | Medium | Yes | Information disclosure | HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1. |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1369 | 1.5.4-1 | Medium | Not affected |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2020-35453 | AVG-1369 | Medium | No | Privilege escalation | HashiCorp Vault Enterprise's Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1. |