Lucene search
K

84 matches found

Github Security Blog
Github Security Blog
added 2025/08/01 6:31 p.m.11 views

Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse

Vault and Vault Enterprise’s “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

6.5CVSS7.3AI score0.00356EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/01 6:15 p.m.7 views

CVE-2025-6014

Vault and Vault Enterprise’s “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

6.5CVSS7.3AI score
Exploits0References1
NVD
NVD
added 2025/08/01 6:15 p.m.8 views

CVE-2025-6014

Vault and Vault Enterprise’s “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

6.5CVSS0.00356EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/01 5:50 p.m.12 views

CVE-2025-6014 Vault TOTP Secrets Engine Code Reuse

Vault and Vault Enterprise’s “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

6.5CVSS0.00356EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/01 5:50 p.m.7 views

CVE-2025-6014 Vault TOTP Secrets Engine Code Reuse

Vault and Vault Enterprise’s “Vault” TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

6.5CVSS6.7AI score0.00356EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:49 a.m.51 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.8.1 Vulnerability Details CVEID:CVE-2024-27043 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvbregisterdevice, pdvbdev is set equal...

8.8CVSS10AI score0.02224EPSS
Exploits3Affected Software1
OSV
OSV
added 2024/10/09 8:29 p.m.8 views

GO-2024-3162 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault...

8.8CVSS7.4AI score0.00269EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/10/01 5:30 p.m.56 views

Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.17.0 bug fix and security update

Red Hat OpenShift Container Platform release 4.17.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

9.9CVSS7.1AI score0.9378EPSS
Exploits8References844
OSV
OSV
added 2024/09/30 9:10 a.m.6 views

BIT-VAULT-2024-7594 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...

8.8CVSS7.4AI score0.00269EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/09/26 9:44 p.m.8 views

CVE-2024-7594

A flaw was found in Hashicorp Vault. Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s...

7.5CVSS7.3AI score0.00269EPSS
Exploits0References4
OSV
OSV
added 2024/09/26 9:31 p.m.6 views

GHSA-JG74-MWGW-V6X3 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...

7.7CVSS7.4AI score0.00269EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2024/09/26 9:31 p.m.20 views

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...

8.8CVSS6.8AI score0.00269EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2024/09/26 8:15 p.m.4 views

CVE-2024-7594

Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...

8.8CVSS8AI score
Exploits0References2
CVE
CVE
added 2024/09/26 7:52 p.m.287 views

CVE-2024-7594

CVE-2024-7594 affects Vault’s SSH secrets engine. By default, if the fields valid_principals and default_user are not configured, an SSH certificate requested by an authorized user could authenticate as any user on the host. This is mitigated by upgrading to Vault Community Edition 1.17.6 or Vaul...

8.8CVSS7.8AI score0.00269EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/26 7:52 p.m.9 views

CVE-2024-7594 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...

7.5CVSS6.9AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/26 7:52 p.m.15 views

CVE-2024-7594 Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and defaultuser fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to...

7.5CVSS0.00269EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.4 views

PT-2024-38439

Name of the Vulnerable Software and Affected Versions HashiCorp Vault Community Edition versions prior to 1.17.6 HashiCorp Vault Enterprise versions prior to 1.17.6, 1.16.10, and 1.15.15 Description The issue arises from the SSH secrets engine not requiring the valid principals list to contain a...

9.9CVSS7.8AI score0.97781EPSS
Exploits21References152
RedhatCVE
RedhatCVE
added 2024/08/27 7:39 a.m.23 views

CVE-2023-4680

A flaw was found in HashiCorp Vault and Vault Enterprise, where the transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 11:11 a.m.23 views

BIT-VAULT-2020-25594

HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7...

5.3CVSS5.7AI score0.01355EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:10 a.m.11 views

BIT-VAULT-2021-42135

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/ path may be abl...

8.1CVSS7.8AI score0.00755EPSS
Exploits0References2
Rows per page
Query Builder