GHSA-m979-w9wj-qfj9, CVE-2020-10660
go/github.com/hashicorp/vault/vault
Incorrect Default Permissions
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.
All versions starting from 0.9.0 before 1.3.4
Upgrade to version 1.3.4 or above.
2024-01-31
source |