Affected by GO-2023-1685 and 24 other vulnerabilities:
GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault
GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault
GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault
GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault
GO-2023-2063: HashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vault
GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault
GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault
GO-2024-2617: Authentication bypass in github.com/hashicorp/vault
GO-2024-2690: HashiCorp Vault does not correctly validate OCSP responses in github.com/hashicorp/vault
GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault
GO-2024-2982: Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault
GO-2024-3162: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault
GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault
GO-2024-3246: Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault
GO-2025-3662: Hashicorp Vault Community vulnerable to Incorrect Authorization in github.com/hashicorp/vault
GO-2025-3663: Hashicorp Vault Community vulnerable to Generation of Error Message Containing Sensitive Information in github.com/hashicorp/vault
GO-2025-3836: Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault
GO-2025-3837: Hashicorp Vault has Privilege Escalation Vulnerability in github.com/hashicorp/vault
GO-2025-3838: Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration in github.com/hashicorp/vault
GO-2025-3839: Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users in github.com/hashicorp/vault
GO-2025-3841: Hashicorp Vault's TOTP Secrets Engine Susceptible to Code Reuse in github.com/hashicorp/vault
GO-2025-3842: Hashicorp Vault has Login MFA Rate Limit Bypass Vulnerability in github.com/hashicorp/vault
GO-2025-3848: HashiCorp Vault ldap auth method may not have correctly enforced MFA in github.com/hashicorp/vault
GO-2025-3924: HashiCorp Vault Community Edition Denial of Service Through Complex JSON Payloads in github.com/hashicorp/vault
GO-2025-4070: HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass in github.com/hashicorp/vault
type KeyManager interface {
	// Returns a wrapping.Wrapper which can be used to perform key-related operations.
	Wrapper() wrapping.Wrapper
	// RetrievalToken is the material returned which can be used to source back the
	// encryption key. Depending on the implementation, the token can be the
	// encryption key itself or a token/identifier used to exchange the token.
	RetrievalToken() ([]byte, error)
}

NewPassthroughKeyManager returns a new instance of the Kube encryption key.
If a key is provided, it will be used as the encryption key for the wrapper,
otherwise one will be generated.

RetrievalToken returns the key that was used on the wrapper since this key
manager is simply a passthrough and does not provide a mechanism to abstract
this key.
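
The passthrough behaviour described above, as an added sketch that is not Vault's code: the retrieval token is the key itself, so the token alone is enough to rebuild a wrapper and decrypt. The names passthroughToken, wrapperFor and reopenWithToken are hypothetical, and AES-GCM through the standard library's cipher.AEAD stands in for wrapping.Wrapper.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// passthroughToken (hypothetical) returns key if provided, else a new one: key and token at once.
func passthroughToken(key []byte) ([]byte, error) {
	if len(key) > 0 {
		return append([]byte(nil), key...), nil
	}
	key = make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// wrapperFor builds AES-GCM from a token; cipher.AEAD stands in for wrapping.Wrapper (assumption).
func wrapperFor(token []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(token) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// reopenWithToken seals msg, then opens it with a wrapper rebuilt from the token alone.
func reopenWithToken(key, msg []byte) ([]byte, error) {
	token, err := passthroughToken(key)
	if err != nil {
		return nil, err
	}
	first, err := wrapperFor(token)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, first.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	second, err := wrapperFor(token) // a token holder needs nothing else to decrypt
	if err != nil {
		return nil, err
	}
	return second.Open(nil, nonce, first.Seal(nil, nonce, msg, nil), nil)
}

func main() { b, err := reopenWithToken(nil, []byte("sample")); fmt.Printf("%s %v\n", b, err) }
```

Because the token alone rebuilds the wrapper, a passthrough token needs the same protection as the encryption key.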