Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security Policy
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

api

package

Go to main page

Versions in this module

v1

v1.1.5

Jul 30, 2019 GO-2022-0611 +22 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v1.1.4

Jul 25, 2019 GO-2022-0611 +22 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const EnvVaultAgentAddress

v1.1.3

Jun 5, 2019 GO-2022-0611 +22 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type MountOutput

+ UUID string

type SecretAuth

+ EntityID string

v1.1.2

Apr 18, 2019 GO-2022-0611 +22 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v1.1.1

Apr 11, 2019 GO-2022-0611 +22 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v1.1.0

Mar 18, 2019 GO-2022-0611 +22 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const EnvVaultAgentAddr

+ const EnvVaultNamespace

+ const EnvVaultSkipVerify

type Config

+ AgentAddress string

type SecretAuth

+ Orphan bool

v1.1.0-beta2

Mar 5, 2019 GO-2022-0611 +22 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v1.1.0-beta1

Feb 20, 2019 GO-2022-0611 +22 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v1.0.3

Feb 12, 2019 GO-2022-0611 +22 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const ErrOutputStringRequest

type Client

+ func (c *Client) OutputCurlString() bool

+ func (c *Client) SetOutputCurlString(curl bool)

type Config

+ OutputCurlString bool

type HealthResponse

+ PerformanceStandby bool

type MountConfigInput

+ AllowedResponseHeaders []string

type MountConfigOutput

+ AllowedResponseHeaders []string

+ type OutputStringError struct

+ var LastOutputStringError *OutputStringError

+ func (d *OutputStringError) CurlString() string

+ func (d *OutputStringError) Error() string

v1.0.2

Jan 15, 2019 GO-2022-0611 +22 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v1.0.1

Dec 14, 2018 GO-2022-0611 +22 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v1.0.0

Dec 3, 2018 GO-2022-0611 +22 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type DeregisterPluginInput

+ Type consts.PluginType

type GetPluginInput

+ Type consts.PluginType

type ListPluginsInput

+ Type consts.PluginType

type ListPluginsResponse

+ PluginsByType map[consts.PluginType][]string

type MountConfigInput

+ TokenType string

type MountConfigOutput

+ TokenType string

type RegisterPluginInput

+ Type consts.PluginType

type SealStatusResponse

+ Migration bool

type Sys

+ func (c *Sys) UnsealWithOptions(opts *UnsealOpts) (*SealStatusResponse, error)

type TokenCreateRequest

+ Type string

+ type UnsealOpts struct

+ Key string

+ Migrate bool

+ Reset bool

v1.0.0-rc1

Nov 20, 2018 GO-2022-0611 +21 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v1.0.0-beta2

Nov 12, 2018 GO-2022-0611 +21 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v1.0.0-beta1

Oct 23, 2018 GO-2022-0611 +21 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0

v0.11.6

Dec 14, 2018 GO-2022-0611 +21 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.11.5

Nov 14, 2018 GO-2022-0611 +21 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.11.4

Oct 23, 2018 GO-2022-0611 +21 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type HealthResponse

+ LastWAL uint64

type LeaderResponse

+ LastWAL uint64

v0.11.3

Oct 8, 2018 GO-2022-0611 +21 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.11.2

Oct 2, 2018 GO-2022-0611 +21 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type SealStatusResponse

+ Initialized bool

v0.11.1

Sep 6, 2018 GO-2022-0611 +21 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.11.0

Aug 28, 2018 GO-2022-0611 +21 more

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0816: Improper Resource Shutdown or Release in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2485: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type Client

+ func (c *Client) Headers() http.Header

+ func (c *Client) SetNamespace(namespace string)

type GenerateRootStatusResponse

+ OTP string

+ OTPLength int

type LeaderResponse

+ PerfStandby bool

+ PerfStandbyLastRemoteWAL uint64

type Logical

+ func (c *Logical) ReadWithData(path string, data map[string][]string) (*Secret, error)

v0.11.0-beta1

Aug 16, 2018 GO-2022-0618 +17 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.10.4

Jul 25, 2018 GO-2022-0618 +17 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type Client

+ func (c *Client) RawRequestWithContext(ctx context.Context, r *Request) (*Response, error)

type MountConfigInput

+ Description *string

+ type RevokeOptions struct

+ Force bool

+ LeaseID string

+ Prefix bool

+ Sync bool

type Sys

+ func (c *Sys) RevokeWithOptions(opts *RevokeOptions) error

v0.10.3

Jun 20, 2018 GO-2022-0618 +17 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type SecretAuth

+ IdentityPolicies []string

+ TokenPolicies []string

v0.10.2

Jun 6, 2018 GO-2022-0618 +17 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const EnvRateLimit

type Client

+ func (c *Client) CurrentWrappingLookupFunc() WrappingLookupFunc

+ func (c *Client) SetBackoff(backoff retryablehttp.Backoff)

+ func (c *Client) SetLimiter(rateLimit float64, burst int)

type Config

+ Backoff retryablehttp.Backoff

+ Limiter *rate.Limiter

type RekeyInitRequest

+ RequireVerification bool

type RekeyStatusResponse

+ VerificationNonce string

+ VerificationRequired bool

type RekeyUpdateResponse

+ VerificationNonce string

+ VerificationRequired bool

+ type RekeyVerificationStatusResponse struct

+ N int

+ Nonce string

+ Progress int

+ Started bool

+ T int

+ type RekeyVerificationUpdateResponse struct

+ Complete bool

+ Nonce string

type Request

+ BodyBytes []byte

type Sys

+ func (c *Sys) RekeyRecoveryKeyVerificationCancel() error

+ func (c *Sys) RekeyRecoveryKeyVerificationStatus() (*RekeyVerificationStatusResponse, error)

+ func (c *Sys) RekeyRecoveryKeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error)

+ func (c *Sys) RekeyVerificationCancel() error

+ func (c *Sys) RekeyVerificationStatus() (*RekeyVerificationStatusResponse, error)

+ func (c *Sys) RekeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUpdateResponse, error)

v0.10.1

Apr 25, 2018 GO-2022-0618 +17 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.10.0

Apr 10, 2018 GO-2022-0618 +17 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type AuthConfigInput

+ PassthroughRequestHeaders []string

type AuthConfigOutput

+ PassthroughRequestHeaders []string

type AuthMount

+ Options map[string]string

+ type DeregisterPluginInput struct

+ Name string

type EnableAuthOptions

+ Options map[string]string

+ type GetPluginInput struct

+ Name string

+ type GetPluginResponse struct

+ Args []string

+ Builtin bool

+ Command string

+ Name string

+ SHA256 string

+ type ListPluginsInput struct

+ type ListPluginsResponse struct

+ Names []string

type MountConfigInput

+ Options map[string]string

+ PassthroughRequestHeaders []string

type MountConfigOutput

+ PassthroughRequestHeaders []string

type MountInput

+ Options map[string]string

type MountOutput

+ Options map[string]string

+ type RegisterPluginInput struct

+ Args []string

+ Command string

+ Name string

+ SHA256 string

type Sys

+ func (c *Sys) DeregisterPlugin(i *DeregisterPluginInput) error

+ func (c *Sys) GetPlugin(i *GetPluginInput) (*GetPluginResponse, error)

+ func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error)

+ func (c *Sys) RegisterPlugin(i *RegisterPluginInput) error

v0.10.0-rc1

Apr 4, 2018 GO-2022-0618 +16 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.9.6

Mar 20, 2018 GO-2022-0618 +16 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type AuthConfigInput

+ AuditNonHMACRequestKeys []string

+ AuditNonHMACResponseKeys []string

+ ListingVisibility string

type AuthConfigOutput

+ AuditNonHMACRequestKeys []string

+ AuditNonHMACResponseKeys []string

+ ListingVisibility string

type MountConfigInput

+ AuditNonHMACRequestKeys []string

+ AuditNonHMACResponseKeys []string

+ ListingVisibility string

type MountConfigOutput

+ AuditNonHMACRequestKeys []string

+ AuditNonHMACResponseKeys []string

+ ListingVisibility string

v0.9.5

Feb 26, 2018 GO-2022-0618 +16 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type AuthConfigInput

+ DefaultLeaseTTL string

+ MaxLeaseTTL string

v0.9.4

Feb 20, 2018 GO-2022-0618 +16 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.9.3

Jan 28, 2018 GO-2022-0618 +16 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.9.2

Jan 26, 2018 GO-2022-0618 +16 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type HealthResponse

+ ReplicationDRMode string

+ ReplicationPerformanceMode string

type Secret

+ func (s *Secret) TokenAccessor() (string, error)

+ func (s *Secret) TokenID() (string, error)

+ func (s *Secret) TokenIsRenewable() (bool, error)

+ func (s *Secret) TokenMetadata() (map[string]string, error)

+ func (s *Secret) TokenPolicies() ([]string, error)

+ func (s *Secret) TokenRemainingUses() (int, error)

+ func (s *Secret) TokenTTL() (time.Duration, error)

v0.9.1

Dec 21, 2017 GO-2022-0618 +16 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type AuthMount

+ SealWrap bool

type EnableAuthOptions

+ SealWrap bool

type RenewerInput

+ Increment int

type SealStatusResponse

+ RecoverySeal bool

v0.9.0

Nov 14, 2017 GO-2022-0618 +16 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2486: HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const EnvVaultMFA

type Client

+ func (c *Client) SetHeaders(headers http.Header)

+ func (c *Client) SetMFACreds(creds []string)

+ func (c *Client) SetPolicyOverride(override bool)

type Config

+ Error error

type GenerateRootStatusResponse

+ EncodedToken string

type MountInput

+ SealWrap bool

type MountOutput

+ SealWrap bool

type RekeyInitRequest

+ StoredShares int

type Request

+ MFAHeaderVals []string

+ PolicyOverride bool

type SealStatusResponse

+ Type string

type SecretWrapInfo

+ Accessor string

type Sys

+ func (c *Sys) GenerateDROperationTokenCancel() error

+ func (c *Sys) GenerateDROperationTokenInit(otp, pgpKey string) (*GenerateRootStatusResponse, error)

+ func (c *Sys) GenerateDROperationTokenStatus() (*GenerateRootStatusResponse, error)

+ func (c *Sys) GenerateDROperationTokenUpdate(shard, nonce string) (*GenerateRootStatusResponse, error)

v0.8.3

Sep 19, 2017 GO-2022-0618 +15 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2488: HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.8.2

Sep 5, 2017 GO-2022-0618 +14 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ type AuthConfigInput struct

+ PluginName string

type EnableAuthOptions

+ Config AuthConfigInput

type MountInput

+ PluginName string

type SSH

+ func (c *SSH) SignKey(role string, data map[string]interface{}) (*Secret, error)

v0.8.1

Aug 16, 2017 GO-2022-0618 +14 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2022-0825: Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.8.0

Aug 9, 2017 GO-2022-0618 +13 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const EnvVaultClientTimeout

+ var DefaultRenewerGrace = 15 * time.Second

+ var DefaultRenewerRenewBuffer = 5

+ var ErrRenewerMissingInput = errors.New("missing input to renewer")

+ var ErrRenewerMissingSecret = errors.New("missing secret to renew")

+ var ErrRenewerNoSecretData = errors.New("returned empty secret data")

+ var ErrRenewerNotRenewable = errors.New("secret is not renewable")

type AuthConfigOutput

+ PluginName string

type AuthMount

+ Accessor string

+ type CORSRequest struct

+ AllowedOrigins string

+ Enabled bool

+ type CORSResponse struct

+ AllowedOrigins string

+ Enabled bool

type Client

+ func (c *Client) Clone() (*Client, error)

+ func (c *Client) NewRenewer(i *RenewerInput) (*Renewer, error)

+ func (c *Client) SetClientTimeout(timeout time.Duration)

type Config

+ Timeout time.Duration

type EnableAuthOptions

+ PluginName string

type LeaderResponse

+ LeaderClusterAddress string

type MountConfigInput

+ PluginName string

type MountConfigOutput

+ PluginName string

type MountOutput

+ Accessor string

+ type RenewOutput struct

+ RenewedAt time.Time

+ Secret *Secret

+ type Renewer struct

+ func (r *Renewer) DoneCh() <-chan error

+ func (r *Renewer) Renew()

+ func (r *Renewer) RenewCh() <-chan *RenewOutput

+ func (r *Renewer) Stop()

+ type RenewerInput struct

+ Grace time.Duration

+ Rand *rand.Rand

+ RenewBuffer int

+ Secret *Secret

type Request

+ Headers http.Header

type SecretWrapInfo

+ CreationPath string

type Sys

+ func (c *Sys) CORSStatus() (*CORSResponse, error)

+ func (c *Sys) ConfigureCORS(req *CORSRequest) (*CORSResponse, error)

+ func (c *Sys) DisableCORS() (*CORSResponse, error)

type TokenAuth

+ func (c *TokenAuth) RenewTokenAsSelf(token string, increment int) (*Secret, error)

v0.8.0-rc1

Aug 3, 2017 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.8.0-beta1

Jul 25, 2017 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.7.3

Jun 7, 2017 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ type HealthResponse struct

+ ClusterID string

+ ClusterName string

+ Initialized bool

+ Sealed bool

+ ServerTimeUTC int64

+ Standby bool

+ Version string

type Sys

+ func (c *Sys) Health() (*HealthResponse, error)

v0.7.2

May 8, 2017 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.7.1

May 5, 2017 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.7.0

Mar 16, 2017 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const EnvVaultToken

type Audit

+ Local bool

type AuthMount

+ Local bool

type Client

+ func (c *Client) SetMaxRetries(retries int)

+ type EnableAuditOptions struct

+ Description string

+ Local bool

+ Options map[string]string

+ Type string

+ type EnableAuthOptions struct

+ Description string

+ Local bool

+ Type string

type MountConfigInput

+ ForceNoCache bool

type MountConfigOutput

+ ForceNoCache bool

type MountInput

+ Local bool

type MountOutput

+ Local bool

type Sys

+ func (c *Sys) EnableAuditWithOptions(path string, options *EnableAuditOptions) error

+ func (c *Sys) EnableAuthWithOptions(path string, options *EnableAuthOptions) error

v0.7.0-beta1

Mar 2, 2017 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.6.5

Feb 7, 2017 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type SealStatusResponse

+ Nonce string

v0.6.4

Dec 16, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.6.3

Dec 6, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type Client

+ func (c *Client) Address() string

v0.6.2

Oct 5, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ var DefaultWrappingLookupFunc = func(operation, path string) string

+ var DefaultWrappingTTL = "5m"

type InitRequest

+ RootTokenPGPKey string

type SSHHelperConfig

+ TLSServerName string

type TokenAuth

+ func (c *TokenAuth) CreateOrphan(opts *TokenCreateRequest) (*Secret, error)

v0.6.1

Aug 21, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const EnvVaultMaxRetries

+ type AuthConfigOutput struct

+ DefaultLeaseTTL int

+ MaxLeaseTTL int

type AuthMount

+ Config AuthConfigOutput

type Client

+ func (c *Client) SetAddress(addr string) error

type Config

+ MaxRetries int

+ func (c *Config) ConfigureTLS(t *TLSConfig) error

type InitResponse

+ KeysB64 []string

+ RecoveryKeysB64 []string

type RekeyRetrieveResponse

+ KeysB64 map[string][]string

type RekeyUpdateResponse

+ KeysB64 []string

type SSHHelperConfig

+ AllowedRoles string

type SSHVerifyResponse

+ RoleName string

type SealStatusResponse

+ ClusterID string

+ ClusterName string

+ Version string

type Secret

+ RequestID string

+ type TLSConfig struct

+ CACert string

+ CAPath string

+ ClientCert string

+ ClientKey string

+ Insecure bool

+ TLSServerName string

type TokenCreateRequest

+ Period string

v0.6.1-rc3

Aug 15, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.6.1-rc2

Aug 9, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.6.1-rc1

Jul 27, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.6.0

Jun 14, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const EnvVaultWrapTTL

type Client

+ func (c *Client) SetWrappingLookupFunc(lookupFunc WrappingLookupFunc)

type InitRequest

+ RecoveryPGPKeys []string

+ RecoveryShares int

+ RecoveryThreshold int

+ StoredShares int

type InitResponse

+ RecoveryKeys []string

type Logical

+ func (c *Logical) Unwrap(wrappingToken string) (*Secret, error)

type Request

+ WrapTTL string

type Secret

+ WrapInfo *SecretWrapInfo

+ type SecretWrapInfo struct

+ CreationTime time.Time

+ TTL int

+ Token string

+ WrappedAccessor string

type Sys

+ func (c *Sys) RekeyDeleteRecoveryBackup() error

+ func (c *Sys) RekeyRecoveryKeyCancel() error

+ func (c *Sys) RekeyRecoveryKeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error)

+ func (c *Sys) RekeyRecoveryKeyStatus() (*RekeyStatusResponse, error)

+ func (c *Sys) RekeyRecoveryKeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error)

+ func (c *Sys) RekeyRetrieveRecoveryBackup() (*RekeyRetrieveResponse, error)

type TokenCreateRequest

+ ExplicitMaxTTL string

+ Renewable *bool

+ type WrappingLookupFunc func(operation, path string) string

v0.6.0-rebuild

Jun 14, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.6.0-rc1

Jun 8, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.6.0-beta2

May 25, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.6.0-beta1

May 23, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.5.3

May 27, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.5.2

Mar 16, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

type Audit

+ Path string

+ type CapabilitiesResponse struct

+ Capabilities []string

type SSHHelperConfig

+ func ParseSSHHelperConfig(contents string) (*SSHHelperConfig, error)

type SecretAuth

+ Accessor string

type Sys

+ func (c *Sys) Capabilities(token, path string) ([]string, error)

+ func (c *Sys) CapabilitiesSelf(path string) ([]string, error)

+ func (c *Sys) RevokeForce(id string) error

+ func (c *Sys) StepDown() error

type TokenAuth

+ func (c *TokenAuth) CreateWithRole(opts *TokenCreateRequest, roleName string) (*Secret, error)

+ func (c *TokenAuth) LookupAccessor(accessor string) (*Secret, error)

+ func (c *TokenAuth) RevokeAccessor(accessor string) error

v0.5.1

Feb 25, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const EnvVaultTLSServerName

+ const SSHHelperDefaultMountPoint

type Client

+ func (c *Client) SSHHelper() *SSHHelper

+ func (c *Client) SSHHelperWithMountPoint(mountPoint string) *SSHHelper

+ type SSHHelper struct

+ MountPoint string

+ func (c *SSHHelper) Verify(otp string) (*SSHVerifyResponse, error)

+ type SSHHelperConfig struct

+ AllowedCidrList string

+ CACert string

+ CAPath string

+ SSHMountPoint string

+ TLSSkipVerify bool

+ VaultAddr string

+ func LoadSSHHelperConfig(path string) (*SSHHelperConfig, error)

+ func (c *SSHHelperConfig) NewClient() (*Client, error)

+ func (c *SSHHelperConfig) SetTLSParameters(clientConfig *Config, certPool *x509.CertPool)

v0.5.0

Feb 10, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ type GenerateRootStatusResponse struct

+ Complete bool

+ EncodedRootToken string

+ Nonce string

+ PGPFingerprint string

+ Progress int

+ Required int

+ Started bool

type Logical

+ func (c *Logical) List(path string) (*Secret, error)

type RekeyInitRequest

+ Backup bool

+ type RekeyRetrieveResponse struct

+ Keys map[string][]string

+ Nonce string

type RekeyStatusResponse

+ Backup bool

+ Nonce string

+ PGPFingerprints []string

type RekeyUpdateResponse

+ Backup bool

+ Nonce string

+ PGPFingerprints []string

type Sys

+ func (c *Sys) GenerateRootCancel() error

+ func (c *Sys) GenerateRootInit(otp, pgpKey string) error

+ func (c *Sys) GenerateRootStatus() (*GenerateRootStatusResponse, error)

+ func (c *Sys) GenerateRootUpdate(shard, nonce string) (*GenerateRootStatusResponse, error)

+ func (c *Sys) RekeyDeleteBackup() error

+ func (c *Sys) RekeyRetrieveBackup() (*RekeyRetrieveResponse, error)

type TokenAuth

+ func (c *TokenAuth) Lookup(token string) (*Secret, error)

v0.5.0-rc2

Feb 4, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.5.0-rc1.2

Feb 2, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.5.0-rc1.1

Feb 2, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.5.0-rc1

Feb 2, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.4.1

Jan 13, 2016 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.4.0

Dec 10, 2015 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const EnvVaultAddress

+ const EnvVaultCACert

+ const EnvVaultCAPath

+ const EnvVaultClientCert

+ const EnvVaultClientKey

+ const EnvVaultInsecure

+ func LoadCACert(path string) (*x509.CertPool, error)

+ func LoadCAPath(path string) (*x509.CertPool, error)

type Config

+ func (c *Config) ReadEnvironment() error

type SSHAgentConfig

+ func (c *SSHAgentConfig) SetTLSParameters(clientConfig *Config, certPool *x509.CertPool)

type Secret

+ Warnings []string

type Sys

+ func (c *Sys) AuditHash(path string, input string) (string, error)

+ func (c *Sys) ResetUnsealProcess() (*SealStatusResponse, error)

type TokenAuth

+ func (c *TokenAuth) LookupSelf() (*Secret, error)

+ func (c *TokenAuth) RenewSelf(increment int) (*Secret, error)

+ func (c *TokenAuth) RevokeSelf() error

type TokenCreateRequest

+ NoDefaultPolicy bool

+ TTL string

v0.4.0-rc2

Dec 1, 2015 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.4.0-rc1

Nov 20, 2015 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.3.1

Oct 6, 2015 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.3.0

Sep 28, 2015 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const SSHAgentDefaultMountPoint

+ const VerifyEchoRequest

+ const VerifyEchoResponse

type Client

+ func (c *Client) SSH() *SSH

+ func (c *Client) SSHAgent() *SSHAgent

+ func (c *Client) SSHAgentWithMountPoint(mountPoint string) *SSHAgent

+ func (c *Client) SSHWithMountPoint(mountPoint string) *SSH

type InitRequest

+ PGPKeys []string

+ type MountConfigInput struct

+ DefaultLeaseTTL string

+ MaxLeaseTTL string

+ type MountConfigOutput struct

+ DefaultLeaseTTL int

+ MaxLeaseTTL int

+ type MountInput struct

+ Config MountConfigInput

+ Description string

+ Type string

+ type MountOutput struct

+ Config MountConfigOutput

+ Description string

+ Type string

type RekeyInitRequest

+ PGPKeys []string

type Request

+ ClientToken string

+ type SSH struct

+ MountPoint string

+ func (c *SSH) Credential(role string, data map[string]interface{}) (*Secret, error)

+ type SSHAgent struct

+ MountPoint string

+ func (c *SSHAgent) Verify(otp string) (*SSHVerifyResponse, error)

+ type SSHAgentConfig struct

+ AllowedCidrList string

+ CACert string

+ CAPath string

+ SSHMountPoint string

+ TLSSkipVerify bool

+ VaultAddr string

+ func LoadSSHAgentConfig(path string) (*SSHAgentConfig, error)

+ func (c *SSHAgentConfig) NewClient() (*Client, error)

+ func (c *SSHAgentConfig) TLSClient(certPool *x509.CertPool) *http.Client

+ type SSHVerifyResponse struct

+ IP string

+ Message string

+ Username string

type Sys

+ func (c *Sys) MountConfig(path string) error

+ func (c *Sys) TuneMount(path string, config MountConfigInput) error

v0.3.0-rc

Sep 22, 2015 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.2.0

Jul 13, 2015 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ type KeyStatus struct

+ InstallTime time.Time

+ Term int

+ type RekeyInitRequest struct

+ SecretShares int

+ SecretThreshold int

+ type RekeyStatusResponse struct

+ N int

+ Progress int

+ Required int

+ Started bool

+ T int

+ type RekeyUpdateResponse struct

+ Complete bool

+ Keys []string

type Sys

+ func (c *Sys) KeyStatus() (*KeyStatus, error)

+ func (c *Sys) RekeyCancel() error

+ func (c *Sys) RekeyInit(config *RekeyInitRequest) error

+ func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error)

+ func (c *Sys) RekeyUpdate(shard string) (*RekeyUpdateResponse, error)

+ func (c *Sys) Rotate() error

v0.1.2

May 11, 2015 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.1.1

May 2, 2015 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

v0.1.0

Apr 28, 2015 GO-2022-0618 +12 more

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1709: Cache-timing attacks in Shamir's secret sharing in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

Changes in this version

+ const AuthCookieName

+ type Audit struct

+ Description string

+ Options map[string]string

+ Type string

+ type Auth struct

+ func (a *Auth) Token() *TokenAuth

+ type AuthMount struct

+ Description string

+ Type string

+ type Client struct

+ func NewClient(c *Config) (*Client, error)

+ func (c *Client) Auth() *Auth

+ func (c *Client) ClearToken()

+ func (c *Client) Help(path string) (*Help, error)

+ func (c *Client) Logical() *Logical

+ func (c *Client) NewRequest(method, path string) *Request

+ func (c *Client) RawRequest(r *Request) (*Response, error)

+ func (c *Client) SetToken(v string)

+ func (c *Client) Sys() *Sys

+ func (c *Client) Token() string

+ type Config struct

+ Address string

+ HttpClient *http.Client

+ func DefaultConfig() *Config

+ type ErrorResponse struct

+ Errors []string

+ type Help struct

+ Help string

+ SeeAlso []string

+ type InitRequest struct

+ SecretShares int

+ SecretThreshold int

+ type InitResponse struct

+ Keys []string

+ RootToken string

+ type InitStatusResponse struct

+ Initialized bool

+ type LeaderResponse struct

+ HAEnabled bool

+ IsSelf bool

+ LeaderAddress string

+ type Logical struct

+ func (c *Logical) Delete(path string) (*Secret, error)

+ func (c *Logical) Read(path string) (*Secret, error)

+ func (c *Logical) Write(path string, data map[string]interface{}) (*Secret, error)

+ type Mount struct

+ Description string

+ Type string

+ type Request struct

+ Body io.Reader

+ BodySize int64

+ Method string

+ Obj interface{}

+ Params url.Values

+ URL *url.URL

+ func (r *Request) ResetJSONBody() error

+ func (r *Request) SetJSONBody(val interface{}) error

+ func (r *Request) ToHTTP() (*http.Request, error)

+ type Response struct

+ func (r *Response) DecodeJSON(out interface{}) error

+ func (r *Response) Error() error

+ type SealStatusResponse struct

+ N int

+ Progress int

+ Sealed bool

+ T int

+ type Secret struct

+ Auth *SecretAuth

+ Data map[string]interface{}

+ LeaseDuration int

+ LeaseID string

+ Renewable bool

+ func ParseSecret(r io.Reader) (*Secret, error)

+ type SecretAuth struct

+ ClientToken string

+ LeaseDuration int

+ Metadata map[string]string

+ Policies []string

+ Renewable bool

+ type Sys struct

+ func (c *Sys) DeletePolicy(name string) error

+ func (c *Sys) DisableAudit(path string) error

+ func (c *Sys) DisableAuth(path string) error

+ func (c *Sys) EnableAudit(path string, auditType string, desc string, opts map[string]string) error

+ func (c *Sys) EnableAuth(path, authType, desc string) error

+ func (c *Sys) GetPolicy(name string) (string, error)

+ func (c *Sys) Init(opts *InitRequest) (*InitResponse, error)

+ func (c *Sys) InitStatus() (bool, error)

+ func (c *Sys) Leader() (*LeaderResponse, error)

+ func (c *Sys) ListAudit() (map[string]*Audit, error)

+ func (c *Sys) ListAuth() (map[string]*AuthMount, error)

+ func (c *Sys) ListMounts() (map[string]*Mount, error)

+ func (c *Sys) ListPolicies() ([]string, error)

+ func (c *Sys) Login(vars map[string]string) error

+ func (c *Sys) Mount(path, mountType, description string) error

+ func (c *Sys) PutPolicy(name, rules string) error

+ func (c *Sys) Remount(from, to string) error

+ func (c *Sys) Renew(id string, increment int) (*Secret, error)

+ func (c *Sys) Revoke(id string) error

+ func (c *Sys) RevokePrefix(id string) error

+ func (c *Sys) Seal() error

+ func (c *Sys) SealStatus() (*SealStatusResponse, error)

+ func (c *Sys) Unmount(path string) error

+ func (c *Sys) Unseal(shard string) (*SealStatusResponse, error)

+ type TokenAuth struct

+ func (c *TokenAuth) Create(opts *TokenCreateRequest) (*Secret, error)

+ func (c *TokenAuth) Renew(token string, increment int) (*Secret, error)

+ func (c *TokenAuth) RevokeOrphan(token string) error

+ func (c *TokenAuth) RevokePrefix(token string) error

+ func (c *TokenAuth) RevokeTree(token string) error

+ type TokenCreateRequest struct

+ DisplayName string

+ ID string

+ Lease string

+ Metadata map[string]string

+ NoParent bool

+ NumUses int

+ Policies []string

Other modules containing this package

github.com/hashicorp/vault/api