Topics tagged security-vault

Topic	Replies	Views	Activity
HCSEC-2026-08 - Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations Security security-vault	0	334	April 17, 2026
HCSEC-2026-07 - Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization Security security-vault	0	273	April 17, 2026
HCSEC-2026-06 - Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS Security security-vault	0	255	April 17, 2026
HCSEC-2026-05 - Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service Security security-vault	0	427	April 17, 2026
HCSEC-2025-21 - Vault User Enumeration in Userpass Auth Method Security security-vault	1	1837	February 13, 2026
HCSEC-2025-33 - Vault Terraform Provider Applied Incorrect Defaults for LDAP Auth Method Security security-vault , security-terraform	0	1363	November 21, 2025
HCSEC-2025-32 - Incomplete Fix For Previous Vault DoS Issue Security security-vault	0	459	October 23, 2025
HCSEC-2025-31- Vault Vulnerable to Denial of Service Due to Rate Limit Regression Security security-vault	0	1870	October 23, 2025
HCSEC-2025-30 - Vault AWS Auth Method Authentication Bypass Through Mishandling of Cache Entries Security security-vault	0	1635	October 23, 2025
HCSEC-2025-24 - Vault Denial of Service Though Complex JSON Payloads Security security-vault	0	2665	August 28, 2025
HCSEC-2025-13 - Vault Root Namespace Operator May Elevate Token Privileges Security security-vault	0	2353	August 1, 2025
HCSEC-2025-22 - Multiple Vulnerabilities Impacting HashiCorp Vault and Vault Enterprise Security security-vault	0	5813	August 6, 2025
HCSEC-2025-20 - Vault LDAP MFA Enforcement Bypass When Using Username As Alias Security security-vault	0	2045	August 6, 2025
HCSEC-2025-17 - Vault TOTP Secrets Engine Code Reuse Security security-vault	0	1486	August 1, 2025
HCSEC-2025-19 - Vault Login MFA Bypass of Rate Limiting and TOTP Token Reuse Security security-vault	0	1444	August 1, 2025
HCSEC-2025-18 - Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates Security security-vault	0	1463	August 1, 2025
HCSEC-2025-16 - Vault Userpass and LDAP User Lockout Bypass Security security-vault	0	1693	August 1, 2025
HCSEC-2025-15 - Timing Side-Channel in Vault’s Userpass Auth Method Security security-vault	0	1486	August 1, 2025
HCSEC-2025-14 - Privileged Vault Operator May Execute Code on the Underlying Host Security security-vault	0	5343	August 1, 2025
HCSEC-2025-11 Vault Vulnerable to Recovery Key Cancellation Denial of Service Security security-vault	0	1271	June 25, 2025
HCSEC-2025-09 - Vault May Expose Sensitive Information in Error Logs When Processing Malformed Data With the KV v2 Plugin Security security-vault	0	2197	May 2, 2025
HCSEC-2025-07 - Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login Security security-vault	0	1039	May 2, 2025
HCSEC-2024-26 - Vault Vulnerable to Denial of Service Through Memory Exhaustion When Processing Raft Cluster Join Requests Security security-vault	0	1786	October 31, 2024
HCSEC-2024-21 - Vault Operators in Root Namespace May Elevate Their Privileges Security security-vault	0	3187	October 10, 2024
HCSEC-2024-20 - Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default Security security-vault	0	2552	September 26, 2024
HCSEC-2024-18 - Vault Leaks Client Token and Token Accessor in Audit Devices Security security-vault	0	3046	August 31, 2024
HCSEC-2024-14 - Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior Security security-vault	0	2268	July 11, 2024
HCSEC-2024-11 - Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims Security security-vault	0	4017	June 12, 2024
HCSEC-2024-10 - Vault Enterprise Leaks Sensitive HTTP Request Headers in Audit Log When Deployed With a Performance Standby Node Security security-vault	0	4146	April 30, 2024
HCSEC-2024-07 - Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses Security security-vault	0	5428	April 4, 2024