Alex Scheel

Name of the Vulnerable Software and Affected Versions: Vault Community and Vault Enterprise versions prior to 1.20.0 Vault Enterprise versions prior to 1.19.6, 1.18.11, 1.17.17, and 1.16.22 Description: The issue is related to uncontrolled cancellation by a Vault operator during rekey and recovery key operations, leading to a denial of service. Recommendations: For Vault Community Edition, update to version 1.20.0 or later. For Vault Enterprise, update to version 1.20.0, 1.19.6, 1.18.11, 1.17.17, or 1.16.22 or later. As a temporary workaround, consider restricting access to rekey and recovery key operations to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.15.9 HashiCorp Vault versions prior to 1.16.3 HashiCorp Vault versions prior to 1.17.0 Description: The issue arises from improper validation of the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may result in Vault validating a JWT even when the audience and role-bound claims do not match, allowing an invalid login to succeed. Recommendations: For versions prior to 1.15.9, update to version 1.15.9 or later. For versions prior to 1.16.3, update to version 1.16.3 or later. For versions prior to 1.17.0, update to version 1.17.0 or later.