exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 5

CVE-2025-6037

5 месяцев назад

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

CVSS3: 6.8

EPSS: Низкий

CVE-2025-6037

5 месяцев назад

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

CVSS3: 6.8

EPSS: Низкий

GHSA-6c5r-4wfc-3mcx

5 месяцев назад

Hashicorp Vault has Incorrect Validation for Non-CA Certificates

CVSS3: 6.8

EPSS: Низкий

BDU:2025-09561

5 месяцев назад

Уязвимость метода аутентификации платформ для архивирования корпоративной информации Vault Enterprise и Vault Community Edition, позволяющая нарушителю создать вредоносный сертификат

CVSS3: 6.8

EPSS: Низкий

ROS-20250905-07

3 месяца назад

Множественные уязвимости vault

CVSS3: 9.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2025-6037 Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+\|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.	CVSS3: 6.8	0% Низкий	5 месяцев назад
CVE-2025-6037 Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+\|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.	CVSS3: 6.8	0% Низкий	5 месяцев назад
GHSA-6c5r-4wfc-3mcx Hashicorp Vault has Incorrect Validation for Non-CA Certificates	CVSS3: 6.8	0% Низкий	5 месяцев назад
BDU:2025-09561 Уязвимость метода аутентификации платформ для архивирования корпоративной информации Vault Enterprise и Vault Community Edition, позволяющая нарушителю создать вредоносный сертификат	CVSS3: 6.8	0% Низкий	5 месяцев назад
ROS-20250905-07 Множественные уязвимости vault	CVSS3: 9.1		3 месяца назад

Уязвимостей на страницу