BIT-vault-2020-16251

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/vault/BIT-vault-2020-16251.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-vault-2020-16251
Aliases
Published
2024-03-06T11:11:33.205Z
Modified
2024-06-28T15:58:42.389120Z
Summary
[none]
Details

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.

References

Affected packages

Bitnami / vault

Package

Name
vault
Purl
pkg:bitnami/vault

Severity

  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0.8.3
Fixed
1.2.5
Introduced
1.3.0
Fixed
1.3.8
Introduced
1.4.0
Fixed
1.4.4
Introduced
1.5.0
Fixed
1.5.1