2 matches found
CVE-2025-6015
Vault and Vault Enterprise’s “Vault” login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...
Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Summary Vault and Vault Enterprise did not properly validate the JSON Web Token JWT role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT with audience and role-bound claims that do not match, allowing an invalid login to succeed when it...