EUVD-2021-17399
Malware in sbrugna...
ROS-20250905-07
A vulnerability in the user lockout mechanism of Vault Enterprise and Vault Community Edition is due to the application not performing correct normalization. The issue in Vault Enterprise and Vault Community Edition is related to the fact that the...
HashiCorp Vault ldap auth method may not have correctly enforced MFA
Vault and Vault Enterprise’s “Vault” ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...
CVE-2025-6011
A timing side channel in Vault and Vault Enterprise’s “Vault” userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise...
CVE-2025-6011
CVE-2025-6011 describes a timing side-channel in Vault and Vault Enterprise's userpass authentication that could let an attacker distinguish existing vs non-existing usernames, enabling possible username enumeration. Root cause: timing differences during user existence checks in the Userpass meth...
CVE-2021-30476
HashiCorp Terraform’s Vault Provider terraform-provider-vault did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1...
BIT-VAULT-2025-3879 Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login
Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
Hashicorp Vault Community vulnerable to Incorrect Authorization
Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
GHSA-F9CH-H8J7-8JWG Hashicorp Vault Community vulnerable to Incorrect Authorization
Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
CVE-2025-3879
Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
PT-2025-18909 · Hashicorp +1 · Vault Community Edition +2
Name of the Vulnerable Software and Affected Versions: Vault Community Edition versions prior to 1.19.1; Vault Enterprise versions prior to 1.19.1, 1.18.7, 1.17.14, 1.16.18. Description: The Azure Auth method in Vault did not correctly validate the claims in the Azure-issued token. This resulted in...
CVE-2024-2660 Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses
Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7...
Improper Certificate Validation
github.com/hashicorp/vault is vulnerable to Improper Certificate Validation. The vulnerability is due to insufficient validation of client certificates when a non-CA certificate is configured as trusted. This flaw leads to authentication bypass using the TLS certificate auth method with non-CA...
BIT-VAULT-2023-24999 Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...
Enumeration of users in HashiCorp Vault
HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 CNF vRAN extras security update
An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS)...
CVE-2023-24999
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...
CVE-2023-24999
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...
Denial of service
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above...
CVE-2022-41316
A flaw was found in HashiCorp Vault and Vault Enterprise. Vault’s TLS certificate auth method did not initially load the optionally-configured CRL issued by the role’s Certificate Authority (CA) into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been...