BIT-vault-2025-6015
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/vault/BIT-vault-2025-6015.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-vault-2025-6015
- Aliases
- Published
- 2025-08-05T08:53:03.218Z
- Modified
- 2025-08-11T18:14:45.267643Z
- Summary
- Vault Login MFA Bypass of Rate Limiting and TOTP Code Reuse
- Details
-
Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
- Database specific
{ "cpes": [ "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:go:*:*", "cpe:2.3:a:hashicorp:vault:*:*:*:*:community:go:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / vault
Package
- Name
- vault
- Purl
- pkg:bitnami/vault
Severity
- 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator