CVE-2020-25594

MEDIUM

HashiCorp Vault <1.6.2-1.5.7 - Info Disclosure

Title source: llm

HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.

Core 2

Core References

Vendor Advisory x_refsource_misc

Third Party Advisory vendor-advisory x_refsource_gentoo

CVSS v3 5.3

EPSS 0.0045

EPSS Percentile 63.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Status published

Products (1)

hashicorp/vault < 1.5.7 (2 CPE variants)

Published Feb 01, 2021

Tracked Since Feb 18, 2026