CVE-2020-10660

Incorrect Default Permissions in go/github.com/hashicorp/vault/vault

Identifiers

GHSA-m979-w9wj-qfj9, CVE-2020-10660

Package Slug

go/github.com/hashicorp/vault/vault

Vulnerability

Incorrect Default Permissions

Description

In HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3, an Entity's Group membership may, under certain circumstances, inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.

Affected Versions

All versions from 0.9.0 up to, but not including, 1.3.4

Solution

Upgrade to version 1.3.4 or above.

Last Modified

2024-01-31
