5 matches found
BIT-VAULT-2025-3879 Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login
Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
GHSA-F9CH-H8J7-8JWG Hashicorp Vault Community vulnerable to Incorrect Authorization
Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
Hashicorp Vault Community vulnerable to Incorrect Authorization
Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
CVE-2025-3879
Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...
PT-2025-18909 · Hashicorp +1 · Vault Community Edition +2
Name of the Vulnerable Software and Affected Versions: Vault Community Edition versions prior to 1.19.1 Vault Enterprise versions prior to 1.19.1, 1.18.7, 1.17.14, 1.16.18 Description: The Azure Auth method in Vault did not correctly validate the claims in the Azure-issued token. This resulted in...