Lucene search
K

24 matches found

CVE
CVE
added 2021/10/11 2:52 a.m.87 views

CVE-2021-42135

CVE-2021-42135 affects HashiCorp Vault and Vault Enterprise 1.8.x–1.8.4, describing an unexpected interaction between glob-related policies and the Google Cloud secrets engine. The root cause is a policy-glob interaction that may grant more privileges than intended, e.g., a user with read access ...

8.1CVSS7.7AI score0.00755EPSS
Exploits0References1Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2021/10/07 8:55 p.m.7 views

Vault's Google Cloud Secrets Engine Policies With Globs May Provide Additional Privileges in Vault 1.8.0 Onwards

Summary The Google Cloud secrets engine in Vault or Vault Enterprise “Vault” 1.8.0 and above may provide users, under specific conditions, with more privileges than in prior versions. Due to changes in the underlying functionality of the Google Cloud secrets engine, policies that use globs may...

8.1CVSS6.9AI score0.00755EPSS
Exploits0
SonarSource Blog
SonarSource Blog
added 2021/08/03 12:0 a.m.25 views

Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe

Most digital applications we work on require some type of credentials –– to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication. Credentials a.k.a ‘Secrets’ are pieces of user or system level...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2020/06/10 12:0 a.m.9 views

PT-2020-13247 · Hashicorp +1 · Hashicorp Vault +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.4.0 through 1.4.1 Description: The issue arises when HashiCorp Vault and Vault Enterprise are configured with the GCP Secrets Engine, potentially leading to the incorrect generation of GCP...

9.8CVSS7.2AI score0.01522EPSS
Exploits0References11
Rows per page
Query Builder