{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","type":"ebuild","namespace":"app-admin","name":"vault","version":"1.10.3","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44683?format=json","vulnerability_id":"VCID-2car-wc6d-p3a2","summary":"Invalid session token expiration\nHashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32923.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-32923.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32923","reference_id":"","reference_type":"","scores":[{"value":"0.00612","scoring_system":"epss","scoring_elements":"0.70009","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70914","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70939","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70994","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71004","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71002","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70984","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71023","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.7106","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71025","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.71053","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70848","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70861","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70881","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70856","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70899","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70937","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70922","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70906","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70952","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00654","scoring_system":"epss","scoring_elements":"0.70959","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32923"},{"reference_url":"https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32923","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32923"},{"reference_url":"https://security.gentoo.org/glsa/202207-01","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202207-01"},{"reference_url":"https://www.hashicorp.com/blog/category/vault","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.hashicorp.com/blog/category/vault"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968032","reference_id":"1968032","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1968032"},{"reference_url":"https://security.archlinux.org/AVG-2029","reference_id":"AVG-2029","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2029"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2021-32923","GHSA-38j9-7pp9-2hjw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2car-wc6d-p3a2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36624?format=json","vulnerability_id":"VCID-4795-vxdy-w7g3","summary":"HashiCorp Vault Incorrect Permission Assignment for Critical Resource\nHashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43998.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43998.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43998","reference_id":"","reference_type":"","scores":[{"value":"0.00263","scoring_system":"epss","scoring_elements":"0.49735","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51471","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51509","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51462","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51469","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5143","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51374","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51423","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51468","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51427","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51455","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51382","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5146","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51419","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51473","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51514","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51493","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.5148","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51523","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00281","scoring_system":"epss","scoring_elements":"0.51531","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43998"},{"reference_url":"https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132"},{"reference_url":"https://github.com/hashicorp/vault","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/vault"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43998","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43998"},{"reference_url":"https://security.gentoo.org/glsa/202207-01","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202207-01"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2028193","reference_id":"2028193","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2028193"},{"reference_url":"https://security.archlinux.org/AVG-2294","reference_id":"AVG-2294","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2294"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2138","reference_id":"RHSA-2023:2138","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2138"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3742","reference_id":"RHSA-2023:3742","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3742"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2021-43998","GHSA-pfmw-vj74-ph8g"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4795-vxdy-w7g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48740?format=json","vulnerability_id":"VCID-569k-mj6a-mfdf","summary":"Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30689.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30689","reference_id":"","reference_type":"","scores":[{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58224","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58181","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58158","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58139","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58169","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58171","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58146","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58112","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58125","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5807","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58173","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58124","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58154","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58113","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58134","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58109","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58163","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58167","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-30689"},{"reference_url":"https://discuss.hashicorp.com","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.hashicorp.com"},{"reference_url":"https://github.com/hashicorp/vault","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/vault"},{"reference_url":"https://github.com/hashicorp/vault/commit/15baea5fa3e71c837c33b8bcbd8f06e0fbbc110d","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/vault/commit/15baea5fa3e71c837c33b8bcbd8f06e0fbbc110d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30689","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30689"},{"reference_url":"https://security.gentoo.org/glsa/202207-01","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202207-01"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220629-0006","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20220629-0006"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122462","reference_id":"2122462","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2122462"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2022-30689","GHSA-c5wc-v287-82pc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-569k-mj6a-mfdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48738?format=json","vulnerability_id":"VCID-691a-a1hc-ubdd","summary":"Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45042.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45042.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45042","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62764","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62822","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62852","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62816","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62867","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62883","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62902","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62891","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62869","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.6291","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62917","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62897","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62933","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62887","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62934","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62987","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62945","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.62973","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.6303","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45042"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034914","reference_id":"2034914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2034914"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2021-45042"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-691a-a1hc-ubdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14185?format=json","vulnerability_id":"VCID-99xt-7k12-nfgc","summary":"Improper Authentication in HashiCorp Vault\nHashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3282.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3282","reference_id":"","reference_type":"","scores":[{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54902","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54841","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54815","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54835","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.5481","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54755","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54797","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54852","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54813","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54839","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54736","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54807","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.5483","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.548","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.5485","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54847","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54859","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54842","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54819","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.54857","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00318","scoring_system":"epss","scoring_elements":"0.5486","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3282"},{"reference_url":"https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337"},{"reference_url":"https://github.com/hashicorp/vault/commit/09f9068e22f762da123160233518b440e00bdb3b","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/vault/commit/09f9068e22f762da123160233518b440e00bdb3b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3282","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3282"},{"reference_url":"https://security.gentoo.org/glsa/202207-01","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202207-01"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2189761","reference_id":"2189761","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2189761"},{"reference_url":"https://security.archlinux.org/AVG-1519","reference_id":"AVG-1519","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1519"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2021-3282","GHSA-rq95-xf66-j689"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-99xt-7k12-nfgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36196?format=json","vulnerability_id":"VCID-9wyg-uv2p-d3ez","summary":"HashiCorp Consul Privilege Escalation Vulnerability\nHashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37219.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37219.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37219","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62596","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62543","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62517","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62564","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62508","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62459","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62511","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62514","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62488","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62504","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62498","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62454","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62403","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62406","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62436","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62452","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62476","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62487","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62347","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62468","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37219"},{"reference_url":"https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024"},{"reference_url":"https://github.com/hashicorp/consul","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/consul"},{"reference_url":"https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/consul/commit/3357e57dac9aadabd476f7a14973e47f003c4cf0"},{"reference_url":"https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/consul/commit/473edd1764b6739e2e4610ea5dede4c2bc6009d1"},{"reference_url":"https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103"},{"reference_url":"https://github.com/hashicorp/consul/pull/10925","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/consul/pull/10925"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37219","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37219"},{"reference_url":"https://security.gentoo.org/glsa/202207-01","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202207-01"},{"reference_url":"https://www.hashicorp.com/blog/category/consul","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.hashicorp.com/blog/category/consul"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015218","reference_id":"1015218","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015218"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008169","reference_id":"2008169","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008169"},{"reference_url":"https://security.archlinux.org/AVG-2360","reference_id":"AVG-2360","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2360"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2021-37219","GHSA-ccw8-7688-vqx4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wyg-uv2p-d3ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48736?format=json","vulnerability_id":"VCID-emvy-2fnu-5kd3","summary":"Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27668.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-27668.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27668","reference_id":"","reference_type":"","scores":[{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55694","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57401","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57424","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57399","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57452","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57455","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57471","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57448","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57428","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57451","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57431","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57385","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57407","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57386","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57337","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57381","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57445","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57394","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.5742","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00349","scoring_system":"epss","scoring_elements":"0.57319","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27668"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2189758","reference_id":"2189758","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2189758"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2021-27668"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emvy-2fnu-5kd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48737?format=json","vulnerability_id":"VCID-ep86-bgh1-fbb2","summary":"Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3024.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3024.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3024","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63821","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65017","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65094","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65057","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65107","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.6512","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65139","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65129","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65101","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65138","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65147","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65131","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.6516","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65159","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.6514","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65188","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65233","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65202","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65224","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3024"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2189529","reference_id":"2189529","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2189529"},{"reference_url":"https://security.archlinux.org/AVG-1368","reference_id":"AVG-1368","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1368"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2021-3024"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ep86-bgh1-fbb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48735?format=json","vulnerability_id":"VCID-mcmw-uyjd-2kf3","summary":"Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25594.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25594.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25594","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63821","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65017","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65094","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65057","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65107","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.6512","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65139","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65129","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65101","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65138","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65147","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65131","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.6516","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65159","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.6514","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65188","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65233","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65202","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65224","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25594"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2189536","reference_id":"2189536","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2189536"},{"reference_url":"https://security.archlinux.org/AVG-1368","reference_id":"AVG-1368","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1368"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2020-25594"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mcmw-uyjd-2kf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39733?format=json","vulnerability_id":"VCID-rk2n-tuu9-fbdc","summary":"HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0\nHashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38553.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38553.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38553","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09596","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09252","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09461","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09427","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09388","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09297","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09452","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09525","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09507","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09538","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09304","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09305","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09355","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09268","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09344","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09393","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09405","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09376","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09361","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09254","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38553"},{"reference_url":"https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168"},{"reference_url":"https://github.com/hashicorp/vault","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/vault"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38553","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38553"},{"reference_url":"https://security.gentoo.org/glsa/202207-01","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202207-01"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995209","reference_id":"1995209","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995209"},{"reference_url":"https://security.archlinux.org/AVG-2294","reference_id":"AVG-2294","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2294"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2021-38553","GHSA-23fq-q7hc-993r"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rk2n-tuu9-fbdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48739?format=json","vulnerability_id":"VCID-s3xq-akc8-7ygt","summary":"Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25243.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25243.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25243","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39215","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39337","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39255","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39129","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39196","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39212","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3912","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39143","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47999","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47994","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47949","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47932","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47916","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47937","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47886","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47938","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47933","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47957","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47935","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.47944","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25243"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2189514","reference_id":"2189514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2189514"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2022-25243"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3xq-akc8-7ygt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34518?format=json","vulnerability_id":"VCID-xerz-1x1v-uuap","summary":"Hashicorp Vault Privilege Escalation Vulnerability\nHashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41802.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41802.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41802","reference_id":"","reference_type":"","scores":[{"value":"0.00238","scoring_system":"epss","scoring_elements":"0.46876","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48739","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48779","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48738","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48723","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48681","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48597","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48659","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48686","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48633","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48664","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48665","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48706","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48731","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48684","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48735","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48753","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48727","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48783","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41802"},{"reference_url":"https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation"},{"reference_url":"https://github.com/hashicorp/vault","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/vault"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41802","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41802"},{"reference_url":"https://security.gentoo.org/glsa/202207-01","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202207-01"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2015915","reference_id":"2015915","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2015915"},{"reference_url":"https://security.archlinux.org/AVG-2294","reference_id":"AVG-2294","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2294"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2021-41802","GHSA-qv95-g3gm-x542"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xerz-1x1v-uuap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38850?format=json","vulnerability_id":"VCID-xk9c-q66v-3kcx","summary":"Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault\nHashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38554.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38554.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38554","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52539","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54166","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54193","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54189","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54239","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54221","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.542","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54242","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54224","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54203","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54179","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54127","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54169","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54183","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54209","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54119","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54136","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54141","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38554"},{"reference_url":"https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166"},{"reference_url":"https://github.com/hashicorp/vault","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/vault"},{"reference_url":"https://github.com/hashicorp/vault/releases/tag/v1.6.6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/vault/releases/tag/v1.6.6"},{"reference_url":"https://github.com/hashicorp/vault/releases/tag/v1.7.4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hashicorp/vault/releases/tag/v1.7.4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38554","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38554"},{"reference_url":"https://security.gentoo.org/glsa/202207-01","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202207-01"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995207","reference_id":"1995207","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995207"},{"reference_url":"https://security.archlinux.org/AVG-2294","reference_id":"AVG-2294","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2294"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77620?format=json","purl":"pkg:ebuild/app-admin/vault@1.10.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}],"aliases":["CVE-2021-38554","GHSA-6239-28c2-9mrm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xk9c-q66v-3kcx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/vault@1.10.3"}