GHSA-86C6-3G63-5W64 Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability

The Vault and Vault Enterprise "Vault" Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0...

Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability

The Vault and Vault Enterprise "Vault" Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0...

CVE-2023-5077 Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets

The Vault and Vault Enterprise "Vault" Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0...

CVE-2023-5077 Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets

The Vault and Vault Enterprise "Vault" Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0...

PT-2023-9289 · Hashicorp +1 · Hashicorp Vault +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.13.0 Description: The issue is related to the Google Cloud secrets engine in HashiCorp Vault and Vault Enterprise, where existing Google Cloud IAM Conditions were not preserved upon creating or updating...