Lucene search
+L

4 matches found

hashicorp
hashicorp
added 2025/08/06 10:1 a.m.9 views

Vault LDAP MFA Enforcement Bypass When Using Username As Alias

Summary Vault and Vault Enterprise’s “Vault” ldap auth method may not have correctly enforced MFA if usernameasalias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. This vulnerability, CVE-2025-6013, is fixed in Vault Community Edition 1.20.2 and...

8.1CVSS6.6AI score0.00502EPSS
Exploits0Affected Software1
hashicorp
hashicorp
added 2024/08/31 12:59 a.m.6 views

Vault Leaks Client Token and Token Accessor in Audit Devices

Summary Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors...

6.5CVSS6.6AI score0.00474EPSS
Exploits0Affected Software2
hashicorp
hashicorp
added 2024/06/12 6:47 p.m.10 views

Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Summary Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT with audience and role-bound claims that do not match, allowing an invalid login to succeed when it...

7.5CVSS6.3AI score0.00343EPSS
Exploits0Affected Software1
hashicorp
hashicorp
added 2021/10/07 8:50 p.m.7 views

Vault Merging Multiple Entity Aliases for the Same Mount May Allow Privilege Escalation

Summary A Vault or Vault Enterprise “Vault” user with write permission to an entity alias ID sharing a mount accessor with another user may acquire this other user’s policies by merging their identities. This vulnerability, CVE-2021-41802, was fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4...

5.5CVSS6.2AI score0.00589EPSS
Exploits0Affected Software2
Rows per page
Query Builder