CVE-2020-16251
Published 2020-08-26
Priority: P353 · high · 8.2 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS: 2.96% (85.5th percentile)
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 0.8.3 < 1.2.5 | 1.2.5 |
| github.com | hashicorp_vault | >= 1.3.0 < 1.3.8 | 1.3.8 |
| github.com | hashicorp_vault | >= 1.4.0 < 1.4.4 | 1.4.4 |
| github.com | hashicorp_vault | >= 1.5.0 < 1.5.1 | 1.5.1 |
| hashicorp | vault | >= 0.8.3 < 1.2.5 | 1.2.5 |
| hashicorp | vault | >= 1.3.0 < 1.3.8 | 1.3.8 |
| hashicorp | vault | >= 1.4.0 < 1.4.4 | 1.4.4 |
| hashicorp | vault | >= 1.5.0 < 1.5.1 | 1.5.1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | | 8.2 | HIGH | |
OSV
HashiCorp Vault Authentication bypass in github.com/hashicorp/vault
osv·2024-06-28
CVE-2020-16251 HashiCorp Vault Authentication bypass in github.com/hashicorp/vault
GHSA
HashiCorp Vault Authentication bypass
ghsa·2024-01-31
CVE-2020-16251 [HIGH] CWE-287 HashiCorp Vault Authentication bypass
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
OSV
HashiCorp Vault Authentication bypass
osv·2024-01-31
CVE-2020-16251 [HIGH] HashiCorp Vault Authentication bypass
Red Hat
vault: GCP Auth Method Allows Authentication Bypass
vendor_redhat·2020-08-26·CVSS 8.2
CVE-2020-16251 [HIGH] CWE-287 vault: GCP Auth Method Allows Authentication Bypass
A flaw was found in Vault and Vault Enterprise (“Vault”). In affected versions of Vault, with the GCP Auth Method configured and under certain circumstances, the values relied upon by Vault to validate Google Compute Engine (GCE) VMs may be manipulated and bypass authentication.
Package: openshift-logging/logging-loki-rhel9 (Logging Subsystem for Red Hat OpenShift) - Not affected
Package: openshift4/ose-installer-rhel9 (Red Hat OpenShift Container Platform 4) - Not affected
Package: ocs4/cephcsi-rhel8 (Red Hat Openshift Container Storage 4) -
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References

http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151
https://www.hashicorp.com/blog/category/vault/