GCVE - cpe:2.3:a:hashicorp:vault:1.9.0:*:*:*:enterprise:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:hashicorp:vault:1.9.0:*:*:*:enterprise:*:*:*

part: a version: 1.9.0 update: *

Vendor	Hashicorp (`dc524c16-6a01-528e-a41c-9d3e02e5e4a3`)
Product	Vault (`4dadab3d-054a-5498-9618-09dfc641ef81`)
Edition	*
Language	*
Software edition	enterprise
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/hashicorp/vault/`	purl2cpe	2026-06-01 10:14:57.367268

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-45042`	vulnerable	2026-06-03 14:45:37.676928	Details available In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0. Published: 2021-12-17T13:38:51.000Z Updated: 2024-08-04T04:32:13.617Z Open on db.gcve.eu Reference links https://www.hashicorp.com/blog/category/vault https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157 https://security.gentoo.org/glsa/202207-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.