Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/77620?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "type": "ebuild", "namespace": "app-admin", "name": "vault", "version": "1.10.3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44683?format=api", "vulnerability_id": "VCID-2car-wc6d-p3a2", "summary": "Invalid session token expiration\nHashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32923.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32923.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71053", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70959", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70939", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70994", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71004", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00654", 
"scoring_system": "epss", "scoring_elements": "0.71002", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70984", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71023", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.7106", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.71025", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70848", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70861", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70881", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70856", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70899", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70914", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70937", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70922", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70906", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00654", "scoring_system": "epss", "scoring_elements": "0.70952", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32923" }, { "reference_url": 
"https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32923", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32923" }, { "reference_url": "https://security.gentoo.org/glsa/202207-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202207-01" }, { "reference_url": "https://www.hashicorp.com/blog/category/vault", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/vault" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968032", "reference_id": "1968032", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968032" }, { "reference_url": "https://security.archlinux.org/AVG-2029", "reference_id": "AVG-2029", "reference_type": "", "scores": [ { "value": 
"Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2029" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2021-32923", "GHSA-38j9-7pp9-2hjw" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2car-wc6d-p3a2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36624?format=api", "vulnerability_id": "VCID-4795-vxdy-w7g3", "summary": "HashiCorp Vault Incorrect Permission Assignment for Critical Resource\nHashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. 
Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43998.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43998.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43998", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51455", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51531", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51509", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51462", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51469", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.5143", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51374", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51423", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51468", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51427", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51382", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51433", "published_at": 
"2026-04-02T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.5146", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51419", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51473", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51471", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51514", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51493", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.5148", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00281", "scoring_system": "epss", "scoring_elements": "0.51523", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43998" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132" }, { "reference_url": "https://github.com/hashicorp/vault", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/vault" }, { 
"reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43998", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43998" }, { "reference_url": "https://security.gentoo.org/glsa/202207-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202207-01" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028193", "reference_id": "2028193", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2028193" }, { "reference_url": "https://security.archlinux.org/AVG-2294", "reference_id": "AVG-2294", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2294" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2138", "reference_id": "RHSA-2023:2138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3742", "reference_id": "RHSA-2023:3742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3742" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2021-43998", "GHSA-pfmw-vj74-ph8g" ], "risk_score": 4.5, 
"exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4795-vxdy-w7g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48740?format=api", "vulnerability_id": "VCID-569k-mj6a-mfdf", "summary": "Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30689.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30689.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58154", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58167", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58181", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58158", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58139", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58169", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58171", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58146", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58112", "published_at": "2026-05-07T12:55:00Z" }, { "value": 
"0.0036", "scoring_system": "epss", "scoring_elements": "0.58125", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.5807", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58173", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58124", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58113", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58134", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58109", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58163", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30689" }, { "reference_url": "https://discuss.hashicorp.com", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com" }, { "reference_url": "https://github.com/hashicorp/vault", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/vault" }, { "reference_url": "https://github.com/hashicorp/vault/commit/15baea5fa3e71c837c33b8bcbd8f06e0fbbc110d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/vault/commit/15baea5fa3e71c837c33b8bcbd8f06e0fbbc110d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30689", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30689" }, { "reference_url": "https://security.gentoo.org/glsa/202207-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202207-01" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220629-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220629-0006" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122462", "reference_id": "2122462", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2122462" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2022-30689", "GHSA-c5wc-v287-82pc" ], "risk_score": null, 
"exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-569k-mj6a-mfdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48738?format=api", "vulnerability_id": "VCID-691a-a1hc-ubdd", "summary": "Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45042.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45042.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45042", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62764", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62822", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62852", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62816", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62867", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62883", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62902", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62891", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62869", "published_at": "2026-04-13T12:55:00Z" }, { "value": 
"0.00435", "scoring_system": "epss", "scoring_elements": "0.6291", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62917", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62897", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62933", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62887", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62934", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62987", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62945", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.62973", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45042" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034914", "reference_id": "2034914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034914" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2021-45042" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-691a-a1hc-ubdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14185?format=api", "vulnerability_id": "VCID-99xt-7k12-nfgc", "summary": "Improper 
Authentication in HashiCorp Vault\nHashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3282.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3282.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54839", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5486", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54841", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54815", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54835", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5481", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54755", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54797", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54852", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54813", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54736", 
"published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54807", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5483", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.548", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.5485", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54847", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54859", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54842", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54819", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.54857", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3282" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337" }, { "reference_url": "https://github.com/hashicorp/vault/commit/09f9068e22f762da123160233518b440e00bdb3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/vault/commit/09f9068e22f762da123160233518b440e00bdb3b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3282", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3282" }, { "reference_url": "https://security.gentoo.org/glsa/202207-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202207-01" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189761", "reference_id": "2189761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189761" }, { "reference_url": "https://security.archlinux.org/AVG-1519", "reference_id": "AVG-1519", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1519" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2021-3282", "GHSA-rq95-xf66-j689" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-99xt-7k12-nfgc" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/36196?format=api", "vulnerability_id": "VCID-9wyg-uv2p-d3ez", "summary": "HashiCorp Consul Privilege Escalation Vulnerability\nHashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37219.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37219.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62543", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62347", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62406", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62436", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62403", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62452", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62468", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62487", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62476", "published_at": 
"2026-04-12T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62454", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62498", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62504", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62488", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62514", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62511", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62459", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62508", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62564", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62517", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37219" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37219" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024" }, { 
"reference_url": "https://github.com/hashicorp/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul" }, { "reference_url": "https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0" }, { "reference_url": "https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1" }, { "reference_url": "https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103" }, { "reference_url": "https://github.com/hashicorp/consul/pull/10925", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/consul/pull/10925" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37219", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37219" }, { "reference_url": "https://security.gentoo.org/glsa/202207-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202207-01" }, { "reference_url": "https://www.hashicorp.com/blog/category/consul", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.hashicorp.com/blog/category/consul" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015218", "reference_id": "1015218", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015218" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008169", "reference_id": "2008169", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008169" }, { "reference_url": "https://security.archlinux.org/AVG-2360", "reference_id": "AVG-2360", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2360" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2021-37219", "GHSA-ccw8-7688-vqx4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wyg-uv2p-d3ez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48736?format=api", "vulnerability_id": "VCID-emvy-2fnu-5kd3", "summary": "Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27668.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27668.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57319", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57401", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57424", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57399", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57452", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57455", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00349", 
"scoring_system": "epss", "scoring_elements": "0.57471", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57448", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57428", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57451", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57431", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57385", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57407", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57386", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57337", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57381", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57445", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.57394", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00349", "scoring_system": "epss", "scoring_elements": "0.5742", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27668" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189758", "reference_id": "2189758", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189758" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "is_vulnerable": false, 
"affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2021-27668" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emvy-2fnu-5kd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48737?format=api", "vulnerability_id": "VCID-ep86-bgh1-fbb2", "summary": "Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3024.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3024.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3024", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65017", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65094", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65057", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65107", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.6512", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65139", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": 
"0.65129", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65101", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65138", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65147", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65131", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.6516", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65159", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.6514", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65188", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65233", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65202", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65224", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3024" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189529", "reference_id": "2189529", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189529" }, { "reference_url": "https://security.archlinux.org/AVG-1368", "reference_id": "AVG-1368", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1368" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2021-3024" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ep86-bgh1-fbb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48735?format=api", "vulnerability_id": "VCID-mcmw-uyjd-2kf3", "summary": "Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25594.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25594.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25594", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65017", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65094", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65057", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65107", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.6512", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", 
"scoring_elements": "0.65139", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65129", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65101", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65138", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65147", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65131", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.6516", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65159", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.6514", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65188", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65233", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65202", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65224", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25594" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189536", "reference_id": "2189536", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189536" }, { "reference_url": "https://security.archlinux.org/AVG-1368", "reference_id": "AVG-1368", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], 
"url": "https://security.archlinux.org/AVG-1368" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2020-25594" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mcmw-uyjd-2kf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39733?format=api", "vulnerability_id": "VCID-rk2n-tuu9-fbdc", "summary": "HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0\nHashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38553.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38553.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09538", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09254", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09252", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09461", "published_at": 
"2026-04-24T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09427", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09388", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09297", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09452", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09525", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09507", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09304", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09305", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09355", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09268", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09344", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09393", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09405", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09376", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09361", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38553" }, { "reference_url": 
"https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168" }, { "reference_url": "https://github.com/hashicorp/vault", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/vault" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38553", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38553" }, { "reference_url": "https://security.gentoo.org/glsa/202207-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202207-01" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995209", "reference_id": "1995209", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995209" }, { "reference_url": "https://security.archlinux.org/AVG-2294", "reference_id": "AVG-2294", "reference_type": 
"", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2294" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2021-38553", "GHSA-23fq-q7hc-993r" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rk2n-tuu9-fbdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48739?format=api", "vulnerability_id": "VCID-s3xq-akc8-7ygt", "summary": "Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25243.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25243.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25243", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39143", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39337", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39255", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39129", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39196", "published_at": 
"2026-05-07T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39212", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3912", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47944", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47999", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47994", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47949", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47932", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47916", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47937", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47886", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47938", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47933", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47935", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25243" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189514", "reference_id": "2189514", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189514" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2022-25243" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3xq-akc8-7ygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34518?format=api", "vulnerability_id": "VCID-xerz-1x1v-uuap", "summary": "Hashicorp Vault Privilege Escalation Vulnerability\nHashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41802.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41802.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48664", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48783", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48779", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48738", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", 
"scoring_elements": "0.48723", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48681", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48597", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48659", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48686", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48633", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48665", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48706", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48731", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48684", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48735", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48753", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48727", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41802" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation" }, { "reference_url": "https://github.com/hashicorp/vault", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/vault" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41802", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41802" }, { "reference_url": "https://security.gentoo.org/glsa/202207-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202207-01" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015915", "reference_id": "2015915", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015915" }, { "reference_url": "https://security.archlinux.org/AVG-2294", "reference_id": "AVG-2294", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2294" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", 
"is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2021-41802", "GHSA-qv95-g3gm-x542" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xerz-1x1v-uuap" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38850?format=api", "vulnerability_id": "VCID-xk9c-q66v-3kcx", "summary": "Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault\nHashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38554.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38554.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38554", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54209", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54141", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54193", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54189", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54239", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54221", "published_at": 
"2026-04-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.542", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54242", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54224", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54203", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54179", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54127", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54169", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54183", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54119", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54136", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54166", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38554" }, { "reference_url": "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166" }, { "reference_url": 
"https://github.com/hashicorp/vault", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/vault" }, { "reference_url": "https://github.com/hashicorp/vault/releases/tag/v1.6.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/vault/releases/tag/v1.6.6" }, { "reference_url": "https://github.com/hashicorp/vault/releases/tag/v1.7.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hashicorp/vault/releases/tag/v1.7.4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38554", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38554" }, { "reference_url": "https://security.gentoo.org/glsa/202207-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202207-01" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995207", 
"reference_id": "1995207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995207" }, { "reference_url": "https://security.archlinux.org/AVG-2294", "reference_id": "AVG-2294", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2294" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/77620?format=api", "purl": "pkg:ebuild/app-admin/vault@1.10.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" } ], "aliases": [ "CVE-2021-38554", "GHSA-6239-28c2-9mrm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xk9c-q66v-3kcx" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3" }