Package Instance

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.hashicorp.com/blog/category/vault

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.hashicorp.com/blog/category/vault

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1968032
reference_id	1968032
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1968032

reference_url

https://security.archlinux.org/AVG-2029

reference_id

AVG-2029

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2029

fixed_packages

url	pkg:ebuild/app-admin/vault@1.10.3
purl	pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3

aliases CVE-2021-32923, GHSA-38j9-7pp9-2hjw

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2car-wc6d-p3a2

url VCID-4795-vxdy-w7g3

vulnerability_id VCID-4795-vxdy-w7g3

summary

HashiCorp Vault Incorrect Permission Assignment for Critical Resource
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43998.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43998.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-43998

reference_id

reference_type

scores

value	0.00281
scoring_system	epss
scoring_elements	0.51509
published_at	2026-04-21T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.5146
published_at	2026-04-04T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51419
published_at	2026-04-07T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51473
published_at	2026-04-08T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51471
published_at	2026-04-09T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51514
published_at	2026-04-11T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51493
published_at	2026-04-12T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.5148
published_at	2026-04-13T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51523
published_at	2026-04-16T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51531
published_at	2026-04-18T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51382
published_at	2026-04-01T12:55:00Z

value	0.00281
scoring_system	epss
scoring_elements	0.51433
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-43998

reference_url

https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-43998

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-43998

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2028193
reference_id	2028193
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2028193

reference_url

reference_id

AVG-2294

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30689.json

reference_url	https://access.redhat.com/errata/RHSA-2023:2138
reference_id	RHSA-2023:2138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2138

reference_url	https://access.redhat.com/errata/RHSA-2023:3742
reference_id	RHSA-2023:3742
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3742

fixed_packages

url	pkg:ebuild/app-admin/vault@1.10.3
purl	pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3

aliases CVE-2021-43998, GHSA-pfmw-vj74-ph8g

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4795-vxdy-w7g3

url VCID-569k-mj6a-mfdf

vulnerability_id VCID-569k-mj6a-mfdf

summary Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30689.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30689

reference_id

reference_type

scores

value	0.0036
scoring_system	epss
scoring_elements	0.58146
published_at	2026-04-21T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58113
published_at	2026-04-02T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58134
published_at	2026-04-04T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58109
published_at	2026-04-07T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58163
published_at	2026-04-08T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58167
published_at	2026-04-09T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58181
published_at	2026-04-11T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58158
published_at	2026-04-12T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58139
published_at	2026-04-13T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58169
published_at	2026-04-16T12:55:00Z

value	0.0036
scoring_system	epss
scoring_elements	0.58171
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30689

reference_url

https://discuss.hashicorp.com

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/vault/commit/15baea5fa3e71c837c33b8bcbd8f06e0fbbc110d

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/vault/commit/15baea5fa3e71c837c33b8bcbd8f06e0fbbc110d

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-30689

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-30689

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220629-0006

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220629-0006

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2122462
reference_id	2122462
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2122462

fixed_packages

url	pkg:ebuild/app-admin/vault@1.10.3
purl	pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3

aliases CVE-2022-30689, GHSA-c5wc-v287-82pc

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-569k-mj6a-mfdf

url VCID-691a-a1hc-ubdd

vulnerability_id VCID-691a-a1hc-ubdd

summary Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45042.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45042.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-45042

reference_id

reference_type

scores

value	0.00435
scoring_system	epss
scoring_elements	0.62764
published_at	2026-04-01T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62822
published_at	2026-04-02T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62852
published_at	2026-04-04T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62816
published_at	2026-04-07T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62867
published_at	2026-04-08T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62883
published_at	2026-04-09T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62902
published_at	2026-04-11T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62891
published_at	2026-04-12T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62869
published_at	2026-04-13T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.6291
published_at	2026-04-16T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62917
published_at	2026-04-18T12:55:00Z

value	0.00435
scoring_system	epss
scoring_elements	0.62897
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-45042

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2034914
reference_id	2034914
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2034914

fixed_packages

url	pkg:ebuild/app-admin/vault@1.10.3
purl	pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3

aliases CVE-2021-45042

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-691a-a1hc-ubdd

url VCID-99xt-7k12-nfgc

vulnerability_id VCID-99xt-7k12-nfgc

summary

Improper Authentication in HashiCorp Vault
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3282.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3282.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3282

reference_id

reference_type

scores

value	0.00318
scoring_system	epss
scoring_elements	0.54841
published_at	2026-04-21T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.5483
published_at	2026-04-04T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.548
published_at	2026-04-07T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.5485
published_at	2026-04-08T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54847
published_at	2026-04-09T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54859
published_at	2026-04-11T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54842
published_at	2026-04-12T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54819
published_at	2026-04-13T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54857
published_at	2026-04-16T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.5486
published_at	2026-04-18T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54736
published_at	2026-04-01T12:55:00Z

value	0.00318
scoring_system	epss
scoring_elements	0.54807
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3282

reference_url

https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337

reference_url

https://github.com/hashicorp/vault/commit/09f9068e22f762da123160233518b440e00bdb3b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/vault/commit/09f9068e22f762da123160233518b440e00bdb3b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3282

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3282

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.archlinux.org/AVG-1519

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2189761
reference_id	2189761
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2189761

reference_url

reference_id

AVG-1519

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1519

fixed_packages

url	pkg:ebuild/app-admin/vault@1.10.3
purl	pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3

aliases CVE-2021-3282, GHSA-rq95-xf66-j689

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-99xt-7k12-nfgc

url VCID-9wyg-uv2p-d3ez

vulnerability_id VCID-9wyg-uv2p-d3ez

summary

HashiCorp Consul Privilege Escalation Vulnerability
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37219.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37219.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-37219

reference_id

reference_type

scores

value	0.00428
scoring_system	epss
scoring_elements	0.62488
published_at	2026-04-21T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62504
published_at	2026-04-18T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62498
published_at	2026-04-16T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62454
published_at	2026-04-13T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62476
published_at	2026-04-12T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62487
published_at	2026-04-11T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62468
published_at	2026-04-09T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62452
published_at	2026-04-08T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62403
published_at	2026-04-07T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62436
published_at	2026-04-04T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62406
published_at	2026-04-02T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62347
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-37219

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37219
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37219

reference_url

https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024

reference_url

https://github.com/hashicorp/consul

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul

reference_url

https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0

reference_url

https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1

reference_url

https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103

reference_url

https://github.com/hashicorp/consul/pull/10925

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/consul/pull/10925

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-37219

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-37219

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.hashicorp.com/blog/category/consul

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.hashicorp.com/blog/category/consul

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015218
reference_id	1015218
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015218

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2008169
reference_id	2008169
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2008169

reference_url

https://security.archlinux.org/AVG-2360

reference_id

AVG-2360

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2360

fixed_packages

url	pkg:ebuild/app-admin/vault@1.10.3
purl	pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3

aliases CVE-2021-37219, GHSA-ccw8-7688-vqx4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wyg-uv2p-d3ez

url VCID-emvy-2fnu-5kd3

vulnerability_id VCID-emvy-2fnu-5kd3

summary Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27668.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27668.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-27668

reference_id

reference_type

scores

value	0.00349
scoring_system	epss
scoring_elements	0.57319
published_at	2026-04-01T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57401
published_at	2026-04-02T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57424
published_at	2026-04-04T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57399
published_at	2026-04-07T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57452
published_at	2026-04-08T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57455
published_at	2026-04-16T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57471
published_at	2026-04-11T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57448
published_at	2026-04-12T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57428
published_at	2026-04-13T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57451
published_at	2026-04-18T12:55:00Z

value	0.00349
scoring_system	epss
scoring_elements	0.57431
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-27668

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2189758
reference_id	2189758
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2189758

fixed_packages

url	pkg:ebuild/app-admin/vault@1.10.3
purl	pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3

aliases CVE-2021-27668

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emvy-2fnu-5kd3

url VCID-ep86-bgh1-fbb2

vulnerability_id VCID-ep86-bgh1-fbb2

summary Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3024.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3024.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3024

reference_id

reference_type

scores

value	0.00481
scoring_system	epss
scoring_elements	0.65017
published_at	2026-04-01T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65067
published_at	2026-04-02T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65094
published_at	2026-04-04T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65057
published_at	2026-04-07T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65107
published_at	2026-04-08T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.6512
published_at	2026-04-09T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65139
published_at	2026-04-11T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65129
published_at	2026-04-12T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65101
published_at	2026-04-13T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65138
published_at	2026-04-16T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65147
published_at	2026-04-18T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65131
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3024

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2189529
reference_id	2189529
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2189529

reference_url

reference_id

AVG-1368

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25594.json

fixed_packages

url	pkg:ebuild/app-admin/vault@1.10.3
purl	pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3

aliases CVE-2021-3024

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ep86-bgh1-fbb2

url VCID-mcmw-uyjd-2kf3

vulnerability_id VCID-mcmw-uyjd-2kf3

summary Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25594.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25594

reference_id

reference_type

scores

value	0.00481
scoring_system	epss
scoring_elements	0.65017
published_at	2026-04-01T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65067
published_at	2026-04-02T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65094
published_at	2026-04-04T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65057
published_at	2026-04-07T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65107
published_at	2026-04-08T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.6512
published_at	2026-04-09T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65139
published_at	2026-04-11T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65129
published_at	2026-04-12T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65101
published_at	2026-04-13T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65138
published_at	2026-04-16T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65147
published_at	2026-04-18T12:55:00Z

value	0.00481
scoring_system	epss
scoring_elements	0.65131
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25594

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2189536
reference_id	2189536
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2189536

reference_url

reference_id

AVG-1368

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38553.json

fixed_packages

url	pkg:ebuild/app-admin/vault@1.10.3
purl	pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3

aliases CVE-2020-25594

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mcmw-uyjd-2kf3

url VCID-rk2n-tuu9-fbdc

vulnerability_id VCID-rk2n-tuu9-fbdc

summary

HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

references

reference_url

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38553.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38553

reference_id

reference_type

scores

value	0.00032
scoring_system	epss
scoring_elements	0.09252
published_at	2026-04-18T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09254
published_at	2026-04-16T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09361
published_at	2026-04-13T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09344
published_at	2026-04-08T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09355
published_at	2026-04-04T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09268
published_at	2026-04-07T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09393
published_at	2026-04-09T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09376
published_at	2026-04-12T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09304
published_at	2026-04-01T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09405
published_at	2026-04-21T12:55:00Z

value	0.00032
scoring_system	epss
scoring_elements	0.09305
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38553

reference_url

https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-38553

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-38553

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1995209
reference_id	1995209
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1995209

reference_url

reference_id

AVG-2294

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25243.json

fixed_packages

url	pkg:ebuild/app-admin/vault@1.10.3
purl	pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3

aliases CVE-2021-38553, GHSA-23fq-q7hc-993r

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rk2n-tuu9-fbdc

url VCID-s3xq-akc8-7ygt

vulnerability_id VCID-s3xq-akc8-7ygt

summary Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25243.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-25243

reference_id

reference_type

scores

value	0.00247
scoring_system	epss
scoring_elements	0.47916
published_at	2026-04-02T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.47937
published_at	2026-04-04T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.47886
published_at	2026-04-07T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.47938
published_at	2026-04-08T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.47933
published_at	2026-04-09T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.47957
published_at	2026-04-11T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.47935
published_at	2026-04-12T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.47944
published_at	2026-04-13T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.47999
published_at	2026-04-16T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.47994
published_at	2026-04-18T12:55:00Z

value	0.00247
scoring_system	epss
scoring_elements	0.47949
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-25243

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2189514
reference_id	2189514
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2189514

fixed_packages

url	pkg:ebuild/app-admin/vault@1.10.3
purl	pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3

aliases CVE-2022-25243

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3xq-akc8-7ygt

url VCID-xerz-1x1v-uuap

vulnerability_id VCID-xerz-1x1v-uuap

summary

Hashicorp Vault Privilege Escalation Vulnerability
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41802.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41802.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-41802

reference_id

reference_type

scores

value	0.00254
scoring_system	epss
scoring_elements	0.48738
published_at	2026-04-21T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48779
published_at	2026-04-18T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48739
published_at	2026-04-08T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48731
published_at	2026-04-04T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48684
published_at	2026-04-07T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48735
published_at	2026-04-13T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48783
published_at	2026-04-16T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48727
published_at	2026-04-12T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48665
published_at	2026-04-01T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48753
published_at	2026-04-11T12:55:00Z

value	0.00254
scoring_system	epss
scoring_elements	0.48706
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-41802

reference_url

https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation

reference_url

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41802

reference_url

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-41802

reference_url

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2015915
reference_id	2015915
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2015915

reference_url

reference_id

AVG-2294

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38554.json

fixed_packages

url	pkg:ebuild/app-admin/vault@1.10.3
purl	pkg:ebuild/app-admin/vault@1.10.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3

aliases CVE-2021-41802, GHSA-qv95-g3gm-x542

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xerz-1x1v-uuap

url VCID-xk9c-q66v-3kcx

vulnerability_id VCID-xk9c-q66v-3kcx

summary

Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault
HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.

references

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38554.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38554

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54224
published_at	2026-04-21T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54119
published_at	2026-04-01T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54136
published_at	2026-04-02T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54166
published_at	2026-04-04T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54141
published_at	2026-04-07T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54193
published_at	2026-04-08T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54189
published_at	2026-04-09T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54239
published_at	2026-04-16T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54221
published_at	2026-04-12T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.542
published_at	2026-04-13T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54242
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38554

reference_url

https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/vault/releases/tag/v1.6.6

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/vault/releases/tag/v1.6.6

reference_url

https://github.com/hashicorp/vault/releases/tag/v1.7.4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/vault/releases/tag/v1.7.4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-38554

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-38554

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1995207
reference_id	1995207
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1995207

reference_url

reference_id

AVG-2294

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url