GHSA-rpgp-9hmg-j25x, CVE-2020-35177
go/github.com/hashicorp/vault
Generation of Error Message Containing Sensitive Information
HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1.
All versions starting from 1.5.0 before 1.5.6, all versions starting from 1.6.0 before 1.6.1
Upgrade to versions 1.5.6, 1.6.1 or above.
2024-02-01
source |