CVE-2020-10660

Published: Mar 23, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.

Affected (2)

Products: Hashicorp: Vault

Hashicorp

1 product

Vault

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Hashicorp Vault	From 0.9.0 to 1.3.3
Hashicorp Vault	From 0.9.0 to 1.3.3

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020

Source: cve@mitre.org

Third Party Advisory

https://www.hashicorp.com/blog/category/vault/

Source: cve@mitre.org

Vendor Advisory

https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.hashicorp.com/blog/category/vault/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.