BIT-vault-2025-6014
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/vault/BIT-vault-2025-6014.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-vault-2025-6014
- Aliases
- Published
- 2025-08-05T08:53:01.354Z
- Modified
- 2025-08-11T18:14:48.761663Z
- Summary
- Vault TOTP Secrets Engine Code Reuse
- Details
-
Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
- Database specific
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:go:*:*", "cpe:2.3:a:hashicorp:vault:*:*:*:*:community:go:*:*" ] }- References
Affected packages
Bitnami / vault
Package
- Name
- vault
- Purl
- pkg:bitnami/vault
Severity
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator