SUSE CVE-2025-3879

Vault Community, Vault Enterprise "Vault" Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when operator-imposed boundlocations restrictions are in effect, due to missing validation of Azure-issued JWTs against vmname or vmssname values. A user can bypass the intended geographic restrictions by...

CVE-2025-3879

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

HashiCorp Vault Enterprise和HashiCorp Vault Community 安全漏洞

HashiCorp Vault Enterprise and HashiCorp Vault Community are both products of HashiCorp, Inc. of the U.S. HashiCorp Vault Enterprise is an enterprise information archiving platform.HashiCorp Vault Community is a key management engine. HashiCorp Vault Community is a key management engine used to...