HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.
Metrics
Affected Vendors & Products
References
History
Mon, 21 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 16 Oct 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.17::el9 |
Wed, 09 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat openshift
|
|
CPEs | cpe:/a:redhat:openshift:4.16::el9 | |
Vendors & Products |
Redhat openshift
|
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2023-07-31T22:40:23.432Z
Updated: 2024-10-21T18:04:40.093Z
Reserved: 2023-06-29T19:00:52.239Z
Link: CVE-2023-3462
Vulnrichment
Updated: 2024-08-02T06:55:03.557Z
NVD
Status : Modified
Published: 2023-07-31T23:15:10.360
Modified: 2024-11-21T08:17:19.147
Link: CVE-2023-3462
Redhat