GHSA-9g4h-h484-3578

Опубликовано: 23 окт. 2025

Источник: github

Github: Прошло ревью

CVSS3: 8.1

Описание

HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass

Vault and Vault Enterprise's ("Vault") AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27.

Ссылки

Пакеты

Наименование

github.com/hashicorp/vault

Затронутые версииВерсия исправления

>= 0.6.0, < 1.21.0

1.21.0

EPSS

Процентиль: 16%

0.00051

Низкий

8.1 High

CVSS3

CVE ID

CVE-2025-11621

Дефекты

CWE-288

Связанные уязвимости

CVE-2025-11621

CVSS3: 8.1

nvd

около 1 месяца назад

Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27

ROS-20251125-05

CVSS3: 8.1

redos

6 дней назад

Уязвимость vault

ROS-20251128-03

CVSS3: 8.1

redos

3 дня назад

Множественные уязвимости vault

EPSS

Процентиль: 16%

0.00051

Низкий

8.1 High

CVSS3

CVE ID

CVE-2025-11621

Дефекты

CWE-288