Lucene search

[email protected]NVD:CVE-2023-5077

HistorySep 29, 2023 - 12:15 a.m.

CVE-2023-5077

2023-09-2900:15:12

CWE-732

[email protected]

web.nvd.nist.gov

vault

google cloud

secrets engine

permissions

issue fix

version 1.13.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

18.0%

JSON

The Vault and Vault Enterprise (“Vault”) Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.

Affected configurations

NVD

Node

hashicorpvaultRange0.10.0–1.13.0-

hashicorpvaultRange0.10.0–1.13.0enterprise

References

discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for NVD:CVE-2023-5077

prion1 cvelist1 osv3 cgr1 cve1 wolfi1 alpinelinux1 veracode1 redhatcve1 github1 redhat1