47 matches found
Authorization Bypass
github.com/hashicorp/terraform-provider-vault is vulnerable to authorization bypass. The insecure configuration of GCE-type bound labels for the GCP auth method could allow an attacker to bypass authorization and access otherwise restricted actions...
CVE-2021-30476
HashiCorp Terraform’s Vault Provider terraform-provider-vault did not correctly configure GCE-type bound labels for Vault’s GCP auth method. Fixed in 2.19.1...
CVE-2021-30476
HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Vault’s GCP auth method, enabling an overly permissive binding. Root cause: misconfiguration in bound labels. Affected version range is not specified in the provided details; reme...
Information Disclosure
github.com/hashicorp/vault is vulnerable to information disclosure. The vulnerability is possible because the error messages returned by the LDAP auth method allow user enumeration...
CVE-2020-16251
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1...
Remote file inclusion
PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the authmethod parameter to (1) index.php, (2) list.php, (3) postreview.php, (4) reindex.php, (5) sections.php, (6) templates.php, (7) userinfo.php, (8) users.php, and (9) view.php...
PT-2007-3426 · Mobilepublisher · Mobilepublisherphp
Name of the Vulnerable Software and Affected Versions: MobilePublisherphp version 1.1.2
Description: A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the auth method parameter to various PHP files in the admin directory, including "index.php",...