13 lines
613 B
Plaintext
13 lines
613 B
Plaintext
|
```release-note:security
|
||
|
Mount Path Disclosure: Vault previously returned different HTTP status codes for
|
||
|
existent and non-existent mount paths. This behavior would allow unauthenticated
|
||
|
brute force attacks to reveal which paths had valid mounts. This issue affects
|
||
|
Vault and Vault Enterprise and is fixed in 1.6.2 (CVE-2020-25594).
|
||
|
```
|
||
|
```release-note:security
|
||
|
IP Address Disclosure: We fixed a vulnerability where, under some error
|
||
|
conditions, Vault would return an error message disclosing internal IP
|
||
|
addresses. This vulnerability affects Vault and Vault Enterprise and is fixed in
|
||
|
1.6.2 (CVE-2021-3024).
|
||
|
```
|