Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-p861-tjpz-hkhs

Summary

Enumeration of users in HashiCorp Vault
HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.

Aliases

alias	CVE-2020-35177

alias	GHSA-rpgp-9hmg-j25x

Fixed_packages

url	pkg:alpm/archlinux/vault@1.5.7-1
purl	pkg:alpm/archlinux/vault@1.5.7-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/vault@1.5.7-1

url	pkg:apk/alpine/vault@1.5.6-r0?arch=s390x&distroversion=v3.14&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=s390x&distroversion=v3.14&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=s390x&distroversion=v3.14&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=ppc64le&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=ppc64le&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=armv7&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=armv7&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=armv7&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=ppc64le&distroversion=v3.13&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=ppc64le&distroversion=v3.13&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=ppc64le&distroversion=v3.13&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=x86_64&distroversion=v3.13&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=x86_64&distroversion=v3.13&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=x86_64&distroversion=v3.13&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=x86&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=x86&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=x86&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=aarch64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=aarch64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=aarch64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=aarch64&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=aarch64&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=aarch64&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=armhf&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=armhf&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=armhf&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=armv7&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=armv7&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=armv7&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=s390x&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=s390x&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=s390x&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=x86&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=x86&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=x86&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=x86_64&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=x86_64&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=x86_64&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=aarch64&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=aarch64&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=aarch64&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=armhf&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=armhf&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=armhf&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=ppc64le&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=ppc64le&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=ppc64le&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=s390x&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=s390x&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=s390x&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=x86&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=x86&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=x86&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=armhf&distroversion=v3.13&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=armhf&distroversion=v3.13&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=armhf&distroversion=v3.13&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=armv7&distroversion=v3.13&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=armv7&distroversion=v3.13&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=armv7&distroversion=v3.13&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=mips64&distroversion=v3.13&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=mips64&distroversion=v3.13&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=mips64&distroversion=v3.13&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=s390x&distroversion=v3.13&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=s390x&distroversion=v3.13&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=s390x&distroversion=v3.13&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=x86&distroversion=v3.13&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=x86&distroversion=v3.13&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=x86&distroversion=v3.13&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=aarch64&distroversion=v3.14&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=aarch64&distroversion=v3.14&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=aarch64&distroversion=v3.14&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=armhf&distroversion=v3.14&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=armhf&distroversion=v3.14&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=armhf&distroversion=v3.14&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=ppc64le&distroversion=v3.14&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=ppc64le&distroversion=v3.14&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=ppc64le&distroversion=v3.14&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=x86&distroversion=v3.14&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=x86&distroversion=v3.14&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=x86&distroversion=v3.14&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=x86_64&distroversion=v3.14&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=x86_64&distroversion=v3.14&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=x86_64&distroversion=v3.14&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=armhf&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=armv7&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=armv7&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=armv7&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=ppc64le&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=ppc64le&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=ppc64le&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=x86&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=x86&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=x86&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=x86_64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=x86_64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=x86_64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=x86_64&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=x86_64&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=x86_64&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=aarch64&distroversion=v3.13&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=aarch64&distroversion=v3.13&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=aarch64&distroversion=v3.13&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=armv7&distroversion=v3.14&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=armv7&distroversion=v3.14&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=armv7&distroversion=v3.14&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=s390x&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=s390x&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=s390x&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=aarch64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=aarch64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=aarch64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=armhf&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=armhf&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=armhf&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=armv7&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=armv7&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=armv7&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=ppc64le&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=ppc64le&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=ppc64le&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=s390x&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=s390x&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=s390x&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/vault@1.5.6-r0?arch=x86_64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/vault@1.5.6-r0?arch=x86_64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/vault@1.5.6-r0%3Farch=x86_64&distroversion=v3.17&reponame=community

url	pkg:golang/github.com/hashicorp/vault@1.5.6
purl	pkg:golang/github.com/hashicorp/vault@1.5.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/vault@1.5.6

url	pkg:golang/github.com/hashicorp/vault@1.6.1
purl	pkg:golang/github.com/hashicorp/vault@1.6.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/vault@1.6.1

Affected_packages

url pkg:alpm/archlinux/vault@1.5.5-1

purl pkg:alpm/archlinux/vault@1.5.5-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ep86-bgh1-fbb2

vulnerability	VCID-mcmw-uyjd-2kf3

vulnerability	VCID-p861-tjpz-hkhs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/vault@1.5.5-1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35177.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35177.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-35177

reference_id

reference_type

scores

value	0.00395
scoring_system	epss
scoring_elements	0.60383
published_at	2026-04-24T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60337
published_at	2026-04-04T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60305
published_at	2026-04-07T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60355
published_at	2026-04-08T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.6037
published_at	2026-04-09T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60392
published_at	2026-04-11T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60378
published_at	2026-04-12T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60359
published_at	2026-04-13T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.604
published_at	2026-04-21T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60408
published_at	2026-04-18T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60235
published_at	2026-04-01T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60312
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-35177

reference_url

https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984

reference_url

https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161

reference_url

https://github.com/hashicorp/vault/pull/10537

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/vault/pull/10537

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-35177

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-35177

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1953042
reference_id	1953042
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1953042

reference_url

https://security.archlinux.org/AVG-1368

reference_id

AVG-1368

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1368

Weaknesses

cwe_id	200
name	Exposure of Sensitive Information to an Unauthorized Actor
description	The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p861-tjpz-hkhs

Vulnerability Instance