CVE-2020-35177

Generation of Error Message Containing Sensitive Information in go/github.com/hashicorp/vault

Identifiers

GHSA-rpgp-9hmg-j25x, CVE-2020-35177

Package Slug

go/github.com/hashicorp/vault

Vulnerability

Generation of Error Message Containing Sensitive Information

Description

HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.

Affected Versions

All versions starting from 1.5.0 before 1.5.6, all versions starting from 1.6.0 before 1.6.1

Solution

Upgrade to versions 1.5.6, 1.6.1 or above.

Last Modified

2024-02-01
