Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:LHashicorp Vault
APPHashicorp1.14.8 – 1.16.22 (bez)1.14.8 – 1.20.0 (bez)1.17.0 – 1.17.17 (bez)1.18.0 – 1.18.11 (bez)1.19.0 – 1.19.6 (bez)
Powiązane podatności
HashiCorp Vault: RCE przez uprzywilejowanego operatora via sys/audit
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity...
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an...
The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vaul...
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorre...