CVE-2020-10660
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-10660
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10660.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-10660
- Aliases
- Published
- 2020-03-23T13:15:13Z
- Modified
- 2025-01-08T06:36:21.419402Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.
- References
Affected packages
Git / github.com/hashicorp/vault
Affected versions
api/v1.*
api/v1.0.1
api/v1.0.2
api/v1.0.3
api/v1.0.4
sdk/v0.*
sdk/v0.1.10
sdk/v0.1.11
sdk/v0.1.12
sdk/v0.1.13
sdk/v0.1.8
sdk/v0.1.9
v0.*
v0.10.0
v0.10.0-rc1
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.11.0
v0.11.0-beta1
v0.11.1
v0.11.2
v0.11.3
v0.11.4
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v1.*
v1.0.0
v1.0.0-beta1
v1.0.0-beta2
v1.0.0-rc1
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.0-beta1
v1.1.0-beta2
v1.1.1
v1.1.2
v1.2.0
v1.2.0-beta1
v1.2.0-beta2
v1.2.0-rc1
v1.3.3