Lucene search
Veracode Vulnerability DatabaseVERACODE:43821HistoryOct 13, 2023 - 12:35 p.m.
Incorrect Authorization
2023-10-1312:35:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
incorrect authorization
vulnerability
policy update
iam
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
18.0%
Vault is vulnerable to Incorrect Authorization. The vulnerability is due to ChangeBindings function in iam_policy.go not checking if the number of conditions in the policy didn’t change after policy update.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/hashicorp/vault-plugin-secrets-kv | le | v0.14.3 | |
| github.com/hashicorp/vault-plugin-secrets-kv | le | v0.14.3 |
Related
prion
prion
Design/Logic Flaw
2023-09-29 00:15:00
cvelist
cvelist
osv
osv
BIT-vault-2023-5077
2024-03-06 11:08:23
CVE-2023-5077
2023-09-29 00:15:12
cgr
cgr
CVE-2023-5077 vulnerabilities
2024-05-19 03:07:16
nvd
nvd
CVE-2023-5077
2023-09-29 00:15:12
cve
cve
CVE-2023-5077
2023-09-29 00:15:12
wolfi
wolfi
CVE-2023-5077 vulnerabilities
2024-06-30 03:08:34
alpinelinux
alpinelinux
CVE-2023-5077
2023-09-29 00:15:12
redhatcve
redhatcve
CVE-2023-5077
2023-10-04 05:25:17
github
github
redhat
redhat
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
18.0%
Related for VERACODE:43821