CVE-2020-16251

Improper Authentication in go/github.com/hashicorp/vault/vault

Identifiers

GHSA-4mp7-2m29-gqxf, CVE-2020-16251

Package Slug

go/github.com/hashicorp/vault/vault

Vulnerability

Improper Authentication

Description

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.

Affected Versions

All versions starting from 0.8.3 before 1.2.5, all versions starting from 1.3.0 before 1.3.8, all versions starting from 1.4.0 before 1.4.4, all versions starting from 1.5.0 before 1.5.1

Solution

Upgrade to versions 1.2.5, 1.3.8, 1.4.4, 1.5.1 or above.

Last Modified

2024-01-31
