PT-2020-16224 · Hashicorp · Vault Enterprise+1

Published

2020-09-30

Updated

2024-06-28

CVE-2020-25816

CVSS v3.1

6.8

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions HashiCorp Vault and Vault Enterprise versions 1.0 through 1.5.3

Description The issue allows leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. This is related to incorrect access control.

Recommendations For HashiCorp Vault and Vault Enterprise versions 1.0 through 1.4.6, update to version 1.4.7. For HashiCorp Vault and Vault Enterprise versions 1.5.0 through 1.5.3, update to version 1.5.4.

Fix

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-613

Related Identifiers

BIT-VAULT-2020-25816

CVE-2020-25816

GHSA-57GG-CJ55-Q5G2

GO-2024-2514

Affected Products

Hashicorp Vault

Vault Enterprise

PT-2020-16224 · Hashicorp · Vault Enterprise+1

CVE-2020-25816

Weakness Enumeration

Related Identifiers

Affected Products

References · 12