- Description
- HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit login requests for existing and non-existent LDAP users and observe the differing responses from Vault to determine whether an account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
- Source
- security@hashicorp.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF8B4175-8E60-4169-9D10-FE924EB1516C",
            "versionEndExcluding": "1.13.5",
            "versionStartIncluding": "1.13.0"
          },
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBC19EB3-A5B0-4165-BB49-763953AC2369",
            "versionEndExcluding": "1.13.5",
            "versionStartIncluding": "1.13.0"
          },
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DFB14EC-487C-454C-A712-10085D897748"
          },
          {
            "criteria": "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB12634A-9B34-44C0-AC11-11120295E3F2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]