PT-2020-12271 · Hashicorp · Vault Enterprise+1

Published: 2020-03-23 · Updated: 2024-06-28 · CVE-2020-10660

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3

Description

Under certain circumstances, an Entity's Group membership may inadvertently include Groups the Entity no longer has permissions to.

Recommendations

For HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3, update to version 1.3.4 to resolve the issue.

Fix

Weakness Enumeration

Improper Privilege Management
Incorrect Default Permissions

Related Identifiers

BIT-VAULT-2020-10660
CVE-2020-10660
GHSA-M979-W9WJ-QFJ9
GO-2024-2486

Affected Products

HashiCorp Vault
Vault Enterprise