Lucene search
GitHub Advisory DatabaseGHSA-86C6-3G63-5W64HistorySep 29, 2023 - 12:30 a.m.
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
2023-09-2900:30:16
CWE-732
GitHub Advisory Database
github.com
14
hashicorp
vault
google cloud
secrets engine
iam conditions
rolesets
fixed vulnerability
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
18.0%
The Vault and Vault Enterprise (“Vault”) Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
Affected configurations
Node
hashicorpvaultRange<1.13.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/hashicorp/vault | lt | 1.13.0 |
Related
prion
prion
Design/Logic Flaw
2023-09-29 00:15:00
cvelist
cvelist
osv
osv
BIT-vault-2023-5077
2024-03-06 11:08:23
CVE-2023-5077
2023-09-29 00:15:12
cgr
cgr
CVE-2023-5077 vulnerabilities
2024-05-19 03:07:16
nvd
nvd
CVE-2023-5077
2023-09-29 00:15:12
cve
cve
CVE-2023-5077
2023-09-29 00:15:12
wolfi
wolfi
CVE-2023-5077 vulnerabilities
2024-06-30 03:08:34
alpinelinux
alpinelinux
CVE-2023-5077
2023-09-29 00:15:12
veracode
veracode
Incorrect Authorization
2023-10-13 12:35:41
redhatcve
redhatcve
CVE-2023-5077
2023-10-04 05:25:17
redhat
redhat
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
18.0%
Related for GHSA-86C6-3G63-5W64