GO-2025-3841 Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse in github.com/hashicorp/vault

Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse in github.com/hashicorp/vault...

GO-2025-3842 Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault

Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault...

Denial Of Service (DoS)

github.com/hashicorp/vault is vulnerable to Denial Of Service DoS. The vulnerability is due to uncontrolled cancellation during rekey and recovery key operations by a Vault operator, which allows an attacker to disrupt service availability...

Information Disclosure

github.com/hashicorp/vault is vulnerable to information disclosure. The vulnerability is due to insufficient input validation or improper handling of malformed payloads, which allows an attacker to expose sensitive information by triggering logging of secret data during secret creation or update...

Improper Authorization

github.com/hashicorp/vault is vulnerable to Improper Authorization. The vulnerability exists because the PKI mount issuer endpoints do not correctly authorize access to remove an issuer or modify issuer metadata which allows an attacker to cause an application crash...