vault-fips-1.19
Chainguard
Status
Impact
This vulnerability is related to a timing side-channel attack that allows user enumeration through observable discrepancies between existing and non-existing users. Upstream does not plan to backport the fix to the 1.19.x Community Edition stream but has available fixes in the Enterprise Edition version stream. Users should upgrade to Vault CE 1.20.1 or later which contains the fix.
Status