CNNVD-202508-082 Information
CNNVD ID
CNNVD-202508-082
Related CVE
- CNNVD Published: 2025-08-01
Description (Chinese)
HashiCorp Vault Enterprise和HashiCorp Vault Community Edition都是美国HashiCorp公司的产品。HashiCorp Vault Enterprise是一个企业信息归档平台。HashiCorp Vault Community Edition是一款密钥管理工具。 HashiCorp Vault Community Edition 1.20.1之前版本和HashiCorp Vault Enterprise 1.20.1、1.19.7、1.18.12和1.16.23之前版本存在安全漏洞,该漏洞源于MFA速率限制绕过和TOTP令牌重用,可能导致安全验证绕过。
Description (English)
HashiCorpVault Enterprise and HashiCorpVault Community Equality are products of the United States company HashiCorp. HashiCorp Vault Enterprise is a corporate information archiving platform. HashiCorpVault Commission is a key management tool. There is a security loophole in HashiCorpVault Commission 1.20.0.1 and HashiCorpVault Enterprise 1.20.0.1, 1.19.7, 1.18.12 and 1.16.23, which stems from the MFA speed limit bypassing and the reuse of TOTP commands, which may result in a security clearance bypassing.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
HashiCorp
Published
2025-08-01
Last Modified
2026-02-24