297 matches found
Security Bulletin: Vault AWS Auth Method Authentication Bypass Through Mishandling of Cache Entries
Summary Vault and Vault Enterprise’s “Vault” AWS Auth method may be susceptible to authentication bypass if the role of the configured boundprincipaliam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault...
SUSE CVE-2025-6037
Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...
SUSE CVE-2025-6015
Vault and Vault Enterprise's “Vault” login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
EUVD-2026-23362
Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...
CVE-2026-5807
Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...
CVE-2026-5807
Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...
HashiCorp Vault和HashiCorp Vault Enterprise 安全漏洞
HashiCorp Vault and HashiCorp Vault Enterprise are products developed by HashiCorp, a company based in the United States. HashiCorp Vault is a private key access management tool. HashiCorp Vault Enterprise is an enterprise information archiving platform. There were security vulnerabilities in...
HashiCorp Vault和HashiCorp Vault Enterprise 安全漏洞
HashiCorp Vault and HashiCorp Vault Enterprise are products developed by HashiCorp, a company based in the United States. HashiCorp Vault is a private key access management tool. HashiCorp Vault Enterprise is an enterprise information archiving platform. There were security vulnerabilities in...
ROS-20251128-03
A vulnerability in the Vault access control system and Vault enterprise information archiving platform Enterprise is related to authentication bypass using an alternate path or channel in AWS authentication method. AWS authentication method. Exploitation of the vulnerability could allow an attack...
ROS-20251125-05
A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to authentication bypass using an alternate path or channel in AWS authentication method AWS authentication method. Exploitation of the vulnerability could allow an attacker acting...
GO-2025-4070 HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass in github.com/hashicorp/vault
HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass in github.com/hashicorp/vault...
GO-2025-4071 Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault
Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON in github.com/hashicorp/vault...
BIT-VAULT-2025-11621 Vault AWS auth method bypass due to AWS client cache
Vault and Vault Enterprise’s “Vault” AWS Auth method may be susceptible to authentication bypass if the role of the configured boundprincipaliam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise...
GHSA-VP5W-XCFC-73WF Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON
Vault and Vault Enterprise "Vault" are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for +HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...
Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON
Vault and Vault Enterprise "Vault" are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for +HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393...
HashiCorp Vault Enterprise 安全漏洞
HashiCorp Vault Enterprise is an enterprise information archiving platform from HashiCorp, Inc. in the United States. A security vulnerability exists in HashiCorp Vault Enterprise that stems from not applying rate limiting when processing JSON payloads, which could lead to a denial of service...
HashiCorp Vault Enterprise 安全漏洞
HashiCorp Vault Enterprise is an enterprise information archiving platform from HashiCorp, Inc. in the United States. A security vulnerability exists in HashiCorp Vault Enterprise versions 1.21.0, 1.20.5, 1.19.11, and 1.16.27, which stems from the same or wildcard use of the boundprincipaliam rol...
ROS-20251020-05
Vulnerability in the audit subroutine of the enterprise information archiving platforms Vault Enterprise and Vault Community Edition is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending...
EUVD-2023-44408
Malicious code in bioql PyPI...
EUVD-2024-3041
Malicious code in bioql PyPI...