CNNVD-202511-2462 Information

CNNVD ID

CNNVD-202511-2462

Related CVE

CVE-2025-13357

• CNNVD Published: 2025-11-21

Description (Chinese)

HashiCorp Vault Terraform Provider是美国HashiCorp公司的一个密钥管理工具。 HashiCorp Vault Terraform Provider存在安全漏洞，该漏洞源于默认配置不安全，可能导致身份验证绕过。

Description (English)

HashiCorp Vault Terraform Production is a key management tool for HashiCorp in the United States. There is a security loophole in HashiCorp Vault Terraform Production, which stems from the lack of security in the default configuration and may lead to a circumvention of identification.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

HashiCorp

Published

2025-11-21

Last Modified

2026-02-24

References

https://discuss.hashicorp.com/t/hcsec-2025-33-vault-terraform-provider-applied-incorrect-defaults-for-ldap-auth-method/76822 https://access.redhat.com/security/cve/cve-2025-13357

Patch

https://discuss.hashicorp.com/t/hcsec-2025-33-vault-terraform-provider-applied-incorrect-defaults-for-ldap-auth-method/76822