HashiCorp Vault
HashiCorp Vault stores and rotates secrets, certificates, and encryption keys. NVD tracks the open-source server as hashicorp:vault with semver-style CPE ranges suitable for version-specific risk synthesis.
api usage
Querying Vault
product slug
hashicorp_vault
version format
1.12.0, 1.15.2
```bash
curl "https://api.attestd.io/v1/check?product=hashicorp_vault&version=1.12.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```
Example response shape for an older 1.12.x line with known NVD ranges. Re-run against the live API after ingestion; exact risk_state depends on aggregated CVE facts for that semver.
```json
{
  "product": "hashicorp_vault",
  "version": "1.12.0",
  "supported": true,
  "risk_state": "high",
  "risk_factors": ["privilege_escalation", "patch_available"],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": true,
  "patch_available": true,
  "confidence": 0.88,
  "cve_ids": ["CVE-2020-16250", "CVE-2022-41338"],
  "last_updated": "2026-05-11T00:00:00Z"
}
```
cleaner line
1.17.0 is a representative newer release line for a spot check after NVD cycles.
```bash
curl "https://api.attestd.io/v1/check?product=hashicorp_vault&version=1.17.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```
notable cves
CVE history
| CVE | Description | CVSS |
|---|---|---|
| CVE-2020-16250 | AWS IAM authentication security bypass (KV v2). | 9.8 |
| CVE-2022-41338 | Integrated storage rollback race / ACL failure. | 7.5 |
| CVE-2023-24999 | JWT signature bypass in plugin auth path. | 9.8 |
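An added example, not attestd's or HashiCorp's code: a fail-closed deployment gate over the response shape shown in the API usage section. Only the field names come from the page; the allowed risk_state names, the confidence threshold and the freshness window are assumed policy values.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: the example response body shown on this page.
SAMPLE = """{"product": "hashicorp_vault", "version": "1.12.0", "supported": true,
 "risk_state": "high", "risk_factors": ["privilege_escalation", "patch_available"],
 "actively_exploited": false, "remote_exploitable": true,
 "authentication_required": true, "patch_available": true, "confidence": 0.88,
 "cve_ids": ["CVE-2020-16250", "CVE-2022-41338"],
 "last_updated": "2026-05-11T00:00:00Z"}"""

# Assumed policy, not API-defined. The page shows only "high" for risk_state, so
# "none" and "low" are hypothetical names; any value not listed fails closed.
ALLOWED_RISK_STATES = {"none", "low"}
MIN_CONFIDENCE = 0.8
MAX_AGE = timedelta(days=30)


def evaluate(body, now):
    """Return the reasons to block a deploy; an empty list means the version passes."""
    try:
        r = json.loads(body)
    except json.JSONDecodeError:
        return ["response is not valid JSON"]
    if not isinstance(r, dict):
        return ["response is not a JSON object"]
    reasons = []
    if r.get("supported") is not True:
        reasons.append("supported is not true")
    state = r.get("risk_state")
    if not isinstance(state, str) or state not in ALLOWED_RISK_STATES:
        reasons.append(f"risk_state={state!r}, cve_ids={r.get('cve_ids')!r}")
    if r.get("actively_exploited") is not False:
        reasons.append("actively_exploited is not false")
    conf = r.get("confidence")
    if isinstance(conf, bool) or not isinstance(conf, (int, float)) or conf < MIN_CONFIDENCE:
        reasons.append(f"confidence {conf!r} below {MIN_CONFIDENCE}")
    try:
        updated = datetime.fromisoformat(str(r.get("last_updated")).replace("Z", "+00:00"))
        if now - updated > MAX_AGE:
            reasons.append(f"data is stale (last_updated {updated.date()})")
    except (ValueError, TypeError):
        reasons.append("last_updated missing or not a timezone-aware ISO 8601 timestamp")
    return reasons


if __name__ == "__main__":
    for reason in evaluate(SAMPLE, datetime.now(timezone.utc)):
        print("BLOCK:", reason)
```

Missing or wrongly typed fields count as block reasons, so an error page or a truncated body cannot pass the gate.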