2 matches found
Insertion of Sensitive Information Into Sent Data
Overview github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data through the CheckToken request handling in vault/requesthandling.go. An attacker can cause Vault to forward a...
Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization
Summary If a Vault auth mount is configured to pass through the “Authorization” header, and the “Authorization” header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. This issue, CVE-2026-4525, is fixed in Vault Community Edition 2.0.0 and Vault...