Vault Enterprise
HashiCorp Vault unauthenticated denial-of-service vulnerability allows remote attackers to block critical administrative operations by monopolizing the single operation slot for root token generation and rekey workflows. Affects all Vault Community and Enterprise versions prior to 2.0.0. No active exploitation confirmed (EPSS 3rd percentile), but attack is trivially automatable per CISA SSVC framework. HashiCorp released patches in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0.
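A monitoring check for the condition described above, added here as an example (it is not HashiCorp's code). It polls the two status endpoints behind the single operation slot, `sys/generate-root/attempt` and `sys/rekey/init`, and flags an operation that stays started without progressing, which is what a slot-squatting attacker leaves behind. Only the documented status fields (`started`, `nonce`, `progress`, `required`) are relied on; the sample responses, the 600-second threshold and the `VAULT_ADDR`-style address argument are assumptions for illustration.

```python
"""Watch Vault's root-generation and rekey status endpoints and report a
slot that stays occupied without progress (the DoS signature)."""
import json
import sys
import urllib.request


def fetch_status(vault_addr: str, path: str, timeout: float = 5.0) -> dict:
    """GET an unauthenticated status endpoint and return its JSON body."""
    url = f"{vault_addr.rstrip('/')}/v1/{path}"
    with urllib.request.urlopen(urllib.request.Request(url), timeout=timeout) as resp:
        return json.load(resp)


def assess(gen_root: dict, rekey: dict) -> dict:
    """Summarise which of the two single-slot operations is currently started."""
    in_progress = {}
    for name, status in (("generate-root", gen_root), ("rekey", rekey)):
        if status.get("started"):
            in_progress[name] = {
                "nonce": status.get("nonce", ""),
                "progress": status.get("progress", 0),
                "required": status.get("required", 0),
            }
    return {"in_progress": in_progress, "blocked": bool(in_progress)}


class StuckDetector:
    """Remember when each (operation, nonce) pair was first seen at its current
    progress count. An operation whose nonce is unchanged and whose progress
    has not moved for max_age seconds is reported as stuck: someone started the
    workflow and is not submitting unseal key shares."""

    def __init__(self, max_age: float = 600.0):
        self.max_age = max_age
        self._first_seen = {}  # (name, nonce) -> (timestamp, progress)

    def observe(self, gen_root: dict, rekey: dict, now: float) -> list:
        report = assess(gen_root, rekey)
        stuck, live = [], set()
        for name, info in report["in_progress"].items():
            key = (name, info["nonce"])
            live.add(key)
            seen_at, seen_progress = self._first_seen.setdefault(key, (now, info["progress"]))
            if info["progress"] != seen_progress:
                self._first_seen[key] = (now, info["progress"])  # progress resets the clock
            elif now - seen_at >= self.max_age:
                stuck.append(name)
        for key in list(self._first_seen):  # forget completed or cancelled operations
            if key not in live:
                del self._first_seen[key]
        return stuck


# Constructed sample responses: a root-token generation that was started but
# has received none of the three required key shares; no rekey in progress.
SAMPLE_GEN_ROOT = {"started": True, "nonce": "2dbd10f1-0000-4000-8000-000000000000",
                   "progress": 0, "required": 3, "complete": False}
SAMPLE_REKEY = {"started": False, "t": 0, "n": 0, "progress": 0, "required": 0, "nonce": ""}


if __name__ == "__main__":
    addr = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8200"
    gr = fetch_status(addr, "sys/generate-root/attempt")
    rk = fetch_status(addr, "sys/rekey/init")
    print(json.dumps(assess(gr, rk), indent=2))
```

Run it from cron or a watchdog with a persistent `StuckDetector`; when it reports a stuck operation that no operator owns, clear the slot with `vault operator generate-root -cancel` or `vault operator rekey -cancel` and treat the source of the original request as hostile.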
HashiCorp Vault improperly forwards authentication tokens to backend auth plugins when Authorization header pass-through is configured, allowing authenticated attackers with low privileges to potentially capture Vault tokens through malicious or compromised auth backends. Affects Vault 0.11.2 through 1.x and Vault Enterprise through 1.x, with patches available in versions 2.0.0, 1.21.5, 1.20.10, and 1.19.16. EPSS score of 0.01% suggests minimal widespread exploitation risk, and SSVC framework indicates no active exploitation, non-automatable attack requiring specific configuration, though technical impact is total system compromise if successfully executed.
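The configuration that makes the issue above reachable is the `passthrough_request_headers` tune option on an auth mount. The following audit is an added example, not project code: it reads the mount list that `GET sys/auth` (or `vault auth list -format=json`) returns and flags any auth mount that passes a token-bearing header (`Authorization`, or Vault's own `X-Vault-Token`) through to its plugin, then builds the `sys/auth/<path>/tune` body that drops those headers while keeping the rest. The sample mount list and the `acme-auth` plugin type are constructed for illustration.

```python
"""Find auth mounts that forward the caller's token header to the plugin."""
import json
import sys

# Headers Vault itself reads a client token from; forwarding either to a
# backend lets that backend see the caller's Vault token.
TOKEN_HEADERS = {"authorization", "x-vault-token"}


def _mounts(sys_auth: dict) -> dict:
    # The HTTP API wraps the mount map in "data"; CLI JSON output does not.
    return sys_auth.get("data", sys_auth)


def risky_mounts(sys_auth: dict) -> list:
    """Return [(mount_path, plugin_type, [offending headers])] for every auth
    mount whose tune config passes a token-bearing header through."""
    findings = []
    for path, mount in _mounts(sys_auth).items():
        if not isinstance(mount, dict):  # skip request_id, lease_id, etc.
            continue
        cfg = mount.get("config") or {}
        passthrough = cfg.get("passthrough_request_headers") or []
        bad = [h for h in passthrough if h.lower() in TOKEN_HEADERS]
        if bad:
            findings.append((path, mount.get("type", "?"), bad))
    return findings


def tune_payload(sys_auth: dict, path: str) -> dict:
    """Body for POST sys/auth/<path>/tune that keeps the mount's other
    pass-through headers and removes only the token-bearing ones."""
    cfg = _mounts(sys_auth)[path].get("config") or {}
    current = cfg.get("passthrough_request_headers") or []
    return {"passthrough_request_headers": [h for h in current if h.lower() not in TOKEN_HEADERS]}


# Constructed sample in the shape of `vault auth list -format=json`.
SAMPLE_AUTH_LIST = {
    "token/": {"type": "token", "config": {"default_lease_ttl": 0, "max_lease_ttl": 0}},
    "oidc/": {"type": "oidc", "config": {"passthrough_request_headers": ["X-Forwarded-For"]}},
    "custom-plugin/": {"type": "acme-auth",
                       "config": {"passthrough_request_headers": ["authorization", "X-Request-Id"]}},
}


if __name__ == "__main__":
    # usage: vault auth list -format=json | python audit_passthrough.py
    listing = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_AUTH_LIST
    for path, kind, headers in risky_mounts(listing):
        print(f"{path} ({kind}) forwards {headers}; tune with {json.dumps(tune_payload(listing, path))}")
```

The header comparison is case-insensitive because HTTP header names are, and Vault accepts the token in either header, so an audit that only grepped for the literal string `Authorization` would miss `authorization`.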
HashiCorp Vault's KVv2 secrets engine allows authenticated users with glob-based policy access to delete secrets outside their authorization scope, causing denial-of-service across versions 0.10.0 through 1.x. The flaw stems from improper access control (CWE-288) in policy glob evaluation during delete operations. Exploitation requires valid Vault credentials with specific policy patterns but does not permit cross-namespace deletion or secret data exfiltration. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0/1.21.5/1.20.10/1.19.16. No active exploitation confirmed (EPSS 0.01%), but CVSS 8.1 reflects high integrity and availability impact for authenticated attackers.
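Until a patched version is deployed, the policies worth reviewing are the ones that combine a trailing `*` glob with a delete-class capability on a KV v2 path. The linter below is an added example, not HashiCorp's code. It parses the ordinary `path "..." { capabilities = [...] }` form of Vault ACL policies (a regex subset, not a full HCL parser) and maps each KV v2 sub-path to the capability that removes data through it: `delete` on `<mount>/data/`, `update` on `<mount>/delete/` and `<mount>/destroy/`, and `delete` on `<mount>/metadata/`. The sample policy is constructed; the assumption that the KV v2 mount occupies the first path segment is also an assumption of this example.

```python
"""Flag Vault ACL rules that grant delete-class access to KV v2 paths via a glob."""
import re
import sys

RULE_RE = re.compile(r'path\s+"([^"]+)"\s*\{([^}]*)\}', re.S)
CAPS_RE = re.compile(r'capabilities\s*=\s*\[([^\]]*)\]', re.S)
STRING_RE = re.compile(r'"([^"]*)"')

# KV v2 sub-path -> capability that removes data through it
DELETING = {
    "data": {"delete"},       # soft-delete the latest version
    "delete": {"update"},     # soft-delete specific versions
    "destroy": {"update"},    # permanently destroy versions
    "metadata": {"delete"},   # permanently delete the secret and every version
}


def parse_policy(hcl: str) -> list:
    """Return [(path, set(capabilities))] for each path block in the policy."""
    rules = []
    for path, body in RULE_RE.findall(hcl):
        m = CAPS_RE.search(body)
        caps = set(STRING_RE.findall(m.group(1))) if m else set()
        rules.append((path, caps))
    return rules


def kv2_glob_delete_rules(hcl: str) -> list:
    """Return [(path, sorted offending capabilities)] for every rule whose path
    ends in the '*' glob and whose capabilities can remove KV v2 data."""
    findings = []
    for path, caps in parse_policy(hcl):
        if not path.endswith("*"):
            continue
        segments = path.split("/")
        kind = next((s for s in segments[1:] if s in DELETING), None)
        if kind is None:
            continue
        offending = DELETING[kind] & caps
        if offending:
            findings.append((path, sorted(offending)))
    return findings


# Constructed sample policy. The first rule's glob also matches siblings such
# as "secret/data/team-a-legacy", which is the usual over-broad pattern.
SAMPLE_POLICY = '''
path "secret/data/team-a*" {
  capabilities = ["create", "read", "update", "delete"]
}
path "secret/metadata/team-a/*" {
  capabilities = ["list", "delete"]
}
path "secret/data/shared/*" {
  capabilities = ["read"]
}
path "secret/destroy/team-a/+/*" {
  capabilities = ["update"]
}
'''


if __name__ == "__main__":
    # usage: python lint_kv_policy.py policy.hcl  (defaults to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_POLICY
    for path, caps in kv2_glob_delete_rules(text):
        print(f"{path}: glob grants {caps}")
```

A hit is not proof of exposure, but each flagged rule is one where the glob evaluation the advisory describes is in play, so those are the rules to tighten to explicit paths or to re-check after upgrading.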