CVE-2023-5077

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-5077

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5077.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-5077

Aliases

Related

Published

2023-09-29T00:15:12Z

Modified

2024-10-12T11:13:09.889924Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.

References

https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/vault
Events: Introduced

b97ec4912502a9f822151a6b0946df94946f8a53

Fixed

86d529e11503d177c5704f2f0269360ff23a741a

Affected versions

api/auth/approle/v0.*

api/auth/approle/v0.5.0

api/auth/approle/v0.6.0

api/auth/aws/v0.*

api/auth/aws/v0.5.0

api/auth/aws/v0.6.0

api/auth/azure/v0.*

api/auth/azure/v0.5.0

api/auth/gcp/v0.*

api/auth/gcp/v0.5.0

api/auth/gcp/v0.6.0

api/auth/kubernetes/v0.*

api/auth/kubernetes/v0.5.0

api/auth/kubernetes/v0.6.0

api/auth/ldap/v0.*

api/auth/ldap/v0.5.0

api/auth/ldap/v0.6.0

api/auth/userpass/v0.*

api/auth/userpass/v0.5.0

api/auth/userpass/v0.6.0

api/v1.*

api/v1.10.0

api/v1.11.0

api/v1.12.0

api/v1.12.1

api/v1.12.2

sdk/v0.*

sdk/v0.10.0

sdk/v0.10.1

sdk/v0.11.0

sdk/v0.11.1

sdk/v0.12.0