top of page
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
Attack pathway tcp ip: authenticated user (with write permissions to a kv secrets engine)
Attack pathway kvm: authenticated user
Attack pathway media: none
Attack pathway ethernet ip: none
Attack pathway tcp ip: none
bottom of page