CVE-2020-25816
published 2020-09-30

Priority: P433
Severity: medium, 6.8 (CVSS 3.1)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 1.01% (58.8th percentile)
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.

Affected

4 ranges

Vendor        Product           Version range              Fixed in
github.com    hashicorp_vault   >= 1.0.0 < 1.5.4           1.5.4
github.com    hashicorp_vault   >= 1.0.0-beta1 < 1.5.4     1.5.4
hashicorp     vault             >= 1.0.0 < 1.4.7           1.4.7
hashicorp     vault             >= 1.5.0 < 1.5.4           1.5.4

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      6.8     MEDIUM     CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd             v2.0      4.9     MEDIUM     AV:N/AC:M/Au:S/C:P/I:P/A:N
vendor_redhat   -         6.8     MEDIUM     -