CVE-2020-16251

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-16251

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-16251.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-16251

Aliases

Published

2020-08-26T15:15:12.913Z

Modified

2026-02-11T12:45:00.134936Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N CVSS Calculator

Summary

[none]

Details

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/vault
Events: Introduced

0f5c835d1cf91c00d01cb29a0048732d91357afa

Fixed

94100571da9270c35bce201fdf0ff859c2fb2125

Introduced

340cc2fa263f6cbd2861b41518da8a62c153e2e7

Fixed

acf61cc20e35dfa8d890ff778ecf26194642f85c

Introduced

6b29fb2b7f70ed538ee2b3c057335d706b6d4e36

Fixed

ef3b7ebddb821c4fa9ca7f82c2316d9859fdc349

Introduced

d808ace758b9bac5c84a9634ffbfae43c5f5a3ad

Fixed

9e78745ab1db6fe8ca76bf2d471ca7455d29ca83

Affected versions

api/v1.*

api/v1.0.1

api/v1.0.2

api/v1.0.3

api/v1.0.4

sdk/v0.*

sdk/v0.1.10

sdk/v0.1.11

sdk/v0.1.12

sdk/v0.1.13

sdk/v0.1.8

sdk/v0.1.9

v0.*

v0.10.0

v0.10.0-rc1

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.11.0

v0.11.0-beta1

v0.11.1

v0.11.2

v0.11.3

v0.11.4

v0.8.3

v0.9.0

v0.9.1

v0.9.2

v0.9.3

v0.9.4

v0.9.5

v0.9.6

v1.*

v1.0.0

v1.0.0-beta1

v1.0.0-beta2

v1.0.0-rc1

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.0-beta1

v1.1.0-beta2

v1.1.1

v1.1.2

v1.2.0

v1.2.0-beta1

v1.2.0-beta2

v1.2.0-rc1

v1.2.1

v1.2.2

v1.2.3

v1.4.0-beta1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-16251.json"