Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/04 5:11 p.m.25 views

CVE-2025-3879

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

6.6CVSS6.8AI score0.00351EPSS
Exploits0References4
Circl
Circl
added 2025/05/02 5:16 p.m.26 views

CVE-2025-3879

creationtimestamp| type| source ---|---|--- 2025-05-02 17:16:30+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114439368851563083 2025-05-02 17:16:37+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14533 2025-05-02 17:34:21+00:00| seen|...

8.8CVSS6.6AI score0.00351EPSS
Exploits0References5
NVD
NVD
added 2025/05/02 5:15 p.m.34 views

CVE-2025-3879

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

8.8CVSS0.00351EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/02 4:15 p.m.10 views

CVE-2025-3879 Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

6.6CVSS6.5AI score0.00351EPSS
Exploits0References1
OSV
OSV
added 2025/05/02 4:15 p.m.4 views

CVE-2025-3879 Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

6.6CVSS6.8AI score0.00351EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/02 4:15 p.m.32 views

CVE-2025-3879 Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login

Vault Community, Vault Enterprise “Vault” Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the boundlocations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18...

6.6CVSS0.00351EPSS
Exploits0References1
Rows per page
Query Builder