PT-2021-11163 · Hashicorp · Vault Enterprise+1
Published
2021-02-01
·
Updated
2024-03-06
·
CVE-2020-25594
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
HashiCorp Vault and Vault Enterprise versions prior to 1.5.7
HashiCorp Vault and Vault Enterprise versions prior to 1.6.2
Description:
The issue allows for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests.
Recommendations:
For versions prior to 1.5.7, update to version 1.5.7 or later.
For versions prior to 1.6.2, update to version 1.6.2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Hashicorp Vault
Vault Enterprise