GHSA-rpgp-9hmg-j25x

Suggest an improvement
Source
https://github.com/advisories/GHSA-rpgp-9hmg-j25x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-rpgp-9hmg-j25x/GHSA-rpgp-9hmg-j25x.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rpgp-9hmg-j25x
Aliases
Published
2024-01-31T23:11:40Z
Modified
2024-06-28T15:58:27.741811Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R CVSS Calculator
Summary
Enumeration of users in HashiCorp Vault
Details

HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.

References

Affected packages

Go / github.com/hashicorp/vault

Package

Name
github.com/hashicorp/vault
View open source insights on deps.dev
Purl
pkg:golang/github.com/hashicorp/vault

Affected ranges

Type
SEMVER
Events
Introduced
1.5.0
Fixed
1.5.6

Go / github.com/hashicorp/vault

Package

Name
github.com/hashicorp/vault
View open source insights on deps.dev
Purl
pkg:golang/github.com/hashicorp/vault

Affected ranges

Type
SEMVER
Events
Introduced
1.6.0
Fixed
1.6.1