| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-5077 | Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets | HashiCorp | Vault | High | 7.6 | 2023-09-28 23:24:29 | Deep Dive |
| CVE-2023-3775 | Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service | HashiCorp | Vault Enterprise | Medium | 4.2 | 2023-09-28 23:17:24 | Deep Dive |
| CVE-2023-4680 | Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption | HashiCorp | Vault | Medium | 6.8 | 2023-09-14 23:06:25 | Deep Dive |
| CVE-2023-3462 | Vault's LDAP Auth Method Allows for User Enumeration | HashiCorp | Vault | Medium | 5.3 | 2023-07-31 22:40:23 | Deep Dive |
| CVE-2023-3774 | Vault Enterprise Namespace Creation May Lead to Denial of Service | HashiCorp | Vault Enterprise | Medium | 4.9 | 2023-07-28 00:45:04 | Deep Dive |
| CVE-2023-2121 | Vault’s KV Diff Viewer Allowed for HTML Injection | HashiCorp | Vault | Medium | 4.3 | 2023-06-09 16:59:49 | Deep Dive |
| CVE-2023-33001 | Jenkins HashiCorp Vault Plugin 日志信息泄露漏洞 | Jenkins Project | Jenkins HashiCorp Vault Plugin | 高危 | - | 2023-05-16 16:00:18 | Deep Dive |
| CVE-2023-2197 | Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM | HashiCorp | Vault Enterprise | Low | 2.5 | 2023-05-01 19:41:18 | Deep Dive |
| CVE-2023-30515 | Jenkins Plugin Thycotic DevOps Secrets Vault 安全漏洞 | Jenkins Project | Jenkins Thycotic DevOps Secrets Vault Plugin | 高危 | - | 2023-04-12 17:05:07 | Deep Dive |
| CVE-2023-30514 | Jenkins Plugin Azure Key Vault 安全漏洞 | Jenkins Project | Jenkins Azure Key Vault Plugin | 高危 | - | 2023-04-12 17:05:06 | Deep Dive |
| CVE-2023-0620 | Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend | HashiCorp | Vault | Medium | 6.5 | 2023-03-30 00:28:13 | Deep Dive |
| CVE-2023-0665 | Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata | HashiCorp | Vault | Medium | 6.5 | 2023-03-30 00:21:48 | Deep Dive |
| CVE-2023-25000 | Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations | HashiCorp | Vault | Medium | 5.0 | 2023-03-30 00:17:46 | Deep Dive |
| CVE-2023-20859 | Spring Vault 日志信息泄露漏洞 | - | Spring Vault, Spring Cloud Vault, Spring Cloud Config | 中危 | - | 2023-03-23 00:00:00 | Deep Dive |
| CVE-2022-47171 | WordPress IP Vault – WP Firewall Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) | Paul C. Schroeder | IP Vault – WP Firewall | Medium | 5.9 | 2023-03-14 06:42:57 | Deep Dive |
| CVE-2023-24999 | Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation | HashiCorp | Vault | Medium | 4.4 | 2023-03-10 23:12:48 | Deep Dive |
| CVE-2022-36888 | Jenkins Plugin HashiCorp Vault 安全漏洞 | Jenkins project | Jenkins HashiCorp Vault Plugin | 中危 | - | 2022-07-27 14:22:14 | Deep Dive |
| CVE-2022-25197 | Hashicorp HashiCorp Vault 安全漏洞 | Jenkins project | Jenkins HashiCorp Vault Plugin | 中危 | - | 2022-02-15 16:11:28 | Deep Dive |
| CVE-2022-25186 | Jenkins 插件 信息泄露漏洞 | Jenkins project | Jenkins HashiCorp Vault Plugin | 中危 | - | 2022-02-15 16:11:11 | Deep Dive |
| CVE-2022-23109 | Jenkins 安全漏洞 | Jenkins project | Jenkins HashiCorp Vault Plugin | 中危 | - | 2022-01-12 19:06:09 | Deep Dive |