BIT-vault-2020-10660

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/vault/BIT-vault-2020-10660.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-vault-2020-10660

Aliases

CVE-2020-10660
GHSA-m979-w9wj-qfj9
GO-2024-2486

Published

2024-03-06T11:11:51.213Z

Modified

2025-03-24T17:31:38.612Z

Summary

[none]

Details

HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.

Database specific

{
    "cpes": [
        "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
        "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*"
    ],
    "severity": "Medium"
}

References

https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020
https://www.hashicorp.com/blog/category/vault/

Affected packages

Bitnami / vault

Package

Name: vault
Purl: pkg:bitnami/vault

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0.9.0

Fixed

1.3.4