v1.14.6/changelog/_2021Jan20.txt - hashicorp/vault - Git at Google

 ```release-note:security
 Mount Path Disclosure: Vault previously returned different HTTP status codes for
 existent and non-existent mount paths. This behavior would allow unauthenticated
 brute force attacks to reveal which paths had valid mounts. This issue affects
 Vault and Vault Enterprise and is fixed in 1.6.2 (CVE-2020-25594).
 ```
 ```release-note:security
 IP Address Disclosure: We fixed a vulnerability where, under some error
 conditions, Vault would return an error message disclosing internal IP
 addresses. This vulnerability affects Vault and Vault Enterprise and is fixed in
 1.6.2 (CVE-2021-3024).
 ```
	```release-note:security
	Mount Path Disclosure: Vault previously returned different HTTP status codes for
	existent and non-existent mount paths. This behavior would allow unauthenticated
	brute force attacks to reveal which paths had valid mounts. This issue affects
	Vault and Vault Enterprise and is fixed in 1.6.2 (CVE-2020-25594).
	```
	```release-note:security
	IP Address Disclosure: We fixed a vulnerability where, under some error
	conditions, Vault would return an error message disclosing internal IP
	addresses. This vulnerability affects Vault and Vault Enterprise and is fixed in
	1.6.2 (CVE-2021-3024).
	```