Search for packages
| purl | pkg:ebuild/app-admin/vault@1.10.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2car-wc6d-p3a2 | Invalid session token expiration HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2. |
CVE-2021-32923
GHSA-38j9-7pp9-2hjw |
| VCID-4795-vxdy-w7g3 | HashiCorp Vault Incorrect Permission Assignment for Critical Resource HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0. |
CVE-2021-43998
GHSA-pfmw-vj74-ph8g |
| VCID-569k-mj6a-mfdf | Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service. |
CVE-2022-30689
GHSA-c5wc-v287-82pc |
| VCID-691a-a1hc-ubdd | Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service. |
CVE-2021-45042
|
| VCID-99xt-7k12-nfgc | Improper Authentication in HashiCorp Vault HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2. |
CVE-2021-3282
GHSA-rq95-xf66-j689 |
| VCID-9wyg-uv2p-d3ez | HashiCorp Consul Privilege Escalation Vulnerability HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2. |
CVE-2021-37219
GHSA-ccw8-7688-vqx4 |
| VCID-emvy-2fnu-5kd3 | Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service. |
CVE-2021-27668
|
| VCID-ep86-bgh1-fbb2 | Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service. |
CVE-2021-3024
|
| VCID-mcmw-uyjd-2kf3 | Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service. |
CVE-2020-25594
|
| VCID-rk2n-tuu9-fbdc | HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0. |
CVE-2021-38553
GHSA-23fq-q7hc-993r |
| VCID-s3xq-akc8-7ygt | Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service. |
CVE-2022-25243
|
| VCID-xerz-1x1v-uuap | Hashicorp Vault Privilege Escalation Vulnerability HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4. |
CVE-2021-41802
GHSA-qv95-g3gm-x542 |
| VCID-xk9c-q66v-3kcx | Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases. |
CVE-2021-38554
GHSA-6239-28c2-9mrm |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:03:16.737459+00:00 | Gentoo Importer | Fixing | VCID-569k-mj6a-mfdf | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |
| 2026-04-01T13:03:16.727160+00:00 | Gentoo Importer | Fixing | VCID-s3xq-akc8-7ygt | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |
| 2026-04-01T13:03:16.717408+00:00 | Gentoo Importer | Fixing | VCID-691a-a1hc-ubdd | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |
| 2026-04-01T13:03:16.707031+00:00 | Gentoo Importer | Fixing | VCID-4795-vxdy-w7g3 | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |
| 2026-04-01T13:03:16.696691+00:00 | Gentoo Importer | Fixing | VCID-xerz-1x1v-uuap | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |
| 2026-04-01T13:03:16.688315+00:00 | Gentoo Importer | Fixing | VCID-xk9c-q66v-3kcx | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |
| 2026-04-01T13:03:16.670895+00:00 | Gentoo Importer | Fixing | VCID-rk2n-tuu9-fbdc | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |
| 2026-04-01T13:03:16.661507+00:00 | Gentoo Importer | Fixing | VCID-9wyg-uv2p-d3ez | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |
| 2026-04-01T13:03:16.652241+00:00 | Gentoo Importer | Fixing | VCID-2car-wc6d-p3a2 | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |
| 2026-04-01T13:03:16.640317+00:00 | Gentoo Importer | Fixing | VCID-99xt-7k12-nfgc | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |
| 2026-04-01T13:03:16.632134+00:00 | Gentoo Importer | Fixing | VCID-ep86-bgh1-fbb2 | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |
| 2026-04-01T13:03:16.621898+00:00 | Gentoo Importer | Fixing | VCID-emvy-2fnu-5kd3 | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |
| 2026-04-01T13:03:16.612725+00:00 | Gentoo Importer | Fixing | VCID-mcmw-uyjd-2kf3 | https://security.gentoo.org/glsa/202207-01 | 38.0.0 |