24 matches found
CVE-2021-42135
CVE-2021-42135 affects HashiCorp Vault and Vault Enterprise 1.8.x–1.8.4, describing an unexpected interaction between glob-related policies and the Google Cloud secrets engine. The root cause is a policy-glob interaction that may grant more privileges than intended, e.g., a user with read access ...
Vault's Google Cloud Secrets Engine Policies With Globs May Provide Additional Privileges in Vault 1.8.0 Onwards
Summary The Google Cloud secrets engine in Vault or Vault Enterprise “Vault” 1.8.0 and above may provide users, under specific conditions, with more privileges than in prior versions. Due to changes in the underlying functionality of the Google Cloud secrets engine, policies that use globs may...
Launching ‘Secret Detection’ to keep your Cloud ‘Secrets’ safe
Most digital applications we work on require some type of credentials –– to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication. Credentials a.k.a ‘Secrets’ are pieces of user or system level...
PT-2020-13247 · Hashicorp +1 · Hashicorp Vault +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.4.0 through 1.4.1 Description: The issue arises when HashiCorp Vault and Vault Enterprise are configured with the GCP Secrets Engine, potentially leading to the incorrect generation of GCP...