top of page
Sentence 25
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
Actual
Attack pathway tcp ip: authenticated user (with write permissions to a kv secrets engine)
Predicted
Attack pathway kvm: authenticated user
Attack pathway media: none
Attack pathway ethernet ip: none
Attack pathway tcp ip: none
bottom of page