GHSA-rpgp-9hmg-j25x

Source

https://github.com/advisories/GHSA-rpgp-9hmg-j25x

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-rpgp-9hmg-j25x/GHSA-rpgp-9hmg-j25x.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-rpgp-9hmg-j25x

Aliases

Published

2024-01-31T23:11:40Z

Modified

2024-06-28T15:58:27.741811Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:R CVSS Calculator

Summary

Enumeration of users in HashiCorp Vault

Details

HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.

Database specific

{
    "nvd_published_at": "2020-12-17T05:15:00Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-200"
    ],
    "github_reviewed_at": "2024-01-31T23:11:40Z"
}

References

Affected packages

Go / github.com/hashicorp/vault

Package

Name: github.com/hashicorp/vault; View open source insights on deps.dev
Purl: pkg:golang/github.com/hashicorp/vault

Affected ranges

Type: SEMVER
Events: Introduced

1.5.0

Fixed

1.5.6

Go / github.com/hashicorp/vault

Package

Name: github.com/hashicorp/vault; View open source insights on deps.dev
Purl: pkg:golang/github.com/hashicorp/vault

Affected ranges

Type: SEMVER
Events: Introduced

1.6.0

Fixed

1.6.1