Affected by GO-2023-1685
and 12 other vulnerabilities
GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault
GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault
GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault
GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault
GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault
GO-2023-2063: HashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vault
GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault
GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault
GO-2024-2617: Authentication bypass in github.com/hashicorp/vault
GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault
GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault
GO-2024-3162: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault
GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault
Package mfa provides wrappers to add multi-factor authentication
to any auth method.
To add MFA to a backend, replace its login path with the
paths returned by MFAPaths and add the additional root
paths returned by MFARootPaths. The backend provides
the username to the MFA wrapper in Auth.Metadata['username'].
To add an additional MFA type, create a subpackage that
implements [Type]Paths, [Type]RootPaths, and [Type]Handler
functions and add them to MFAPaths, MFARootPaths, and
handlers respectively.
MFAPaths returns paths to wrap the original login path and configure MFA.
When adding MFA to a backend, these paths should be included instead of
the login path in Backend.Paths.