Количество 4
Количество 4
CVE-2023-3462
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
CVE-2023-3462
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
ROS-20241028-01
Уязвимость vault
GHSA-9v3w-w2jh-4hff
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-3462 HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5. | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
 | CVE-2023-3462 HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5. | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
 | ROS-20241028-01 Уязвимость vault | CVSS3: 5.3 | 1% Низкий | около 1 года назад |
| GHSA-9v3w-w2jh-4hff HashiCorp Vault and Vault Enterprise vulnerable to user enumeration | CVSS3: 5.3 | 1% Низкий | больше 2 лет назад |
Уязвимостей на страницу