GHSA-m979-w9wj-qfj9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m979-w9wj-qfj9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-m979-w9wj-qfj9/GHSA-m979-w9wj-qfj9.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-m979-w9wj-qfj9
- Aliases
- Published
- 2024-01-30T23:40:43Z
- Modified
- 2024-09-16T17:23:48Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- HashiCorp Vault Improper Privilege Management
- Details
-
HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-269" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-30T23:40:43Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-10660
- https://github.com/hashicorp/vault/pull/8606
- https://github.com/hashicorp/vault/commit/18485ee9d4352ac8e8396c580b5941ccf8e5b31a
- https://github.com/hashicorp/vault
- https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020
- https://www.hashicorp.com/blog/category/vault
Affected packages
Go / github.com/hashicorp/vault
Package
- Name
- github.com/hashicorp/vault
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/hashicorp/vault