3 matches found
Security Bulletin: A security vulnerability in Vault affects Bastion Service of IBM Cloud Pak for Multicloud Management
Summary A security vulnerability in Vault affects Bastion Service of IBM Cloud Pak for Multicloud Managemen 2.2.0 and previous version Vulnerability Details CVEID: CVE-2020-12757 DESCRIPTION: HashiCorp Vault and Vault Enterprise could allow a remote attacker to bypass security restrictions, cause...
Vault's GCP Secrets Engine Service Account Keys Not Enforcing Configured TTL
Summary Vault and Vault Enterprise versions 1.3.5/1.4.0 through 1.4.2, configured with the GCP Secrets Engine may, under certain circumstances, incorrectly generate GCP Credentials with the default time-to-live lease duration, instead of the engine configured setting. This may lead to generated G...
CVE-2020-12757
HashiCorp Vault and Vault Enterprise 1.4.0/1.4.1, when using the GCP Secrets Engine, could generate GCP Credentials with the default TTL instead of the engine-configured TTL, making credentials valid longer than intended. This vulnerability is mitigated by upgrading to 1.4.2. Affected component i...