CVE-2020-16251
First published: Wed Aug 26 2020(Updated: )
A vulnerability was identified in Vault and Vault Enterprise (“Vault”) such that, with the GCP Auth Method configured and under certain circumstances, the values relied upon by Vault to validate Google Compute Engine (GCE) VMs may be manipulated and authentication bypassed. <a href="https://www.hashicorp.com/blog/category/vault/">https://www.hashicorp.com/blog/category/vault/</a> <a href="https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151">https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151</a> <a href="http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html">http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html</a>
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Vault | >=0.8.3<1.2.5 | |
| HashiCorp Vault | >=1.3.0<1.3.8 | |
| HashiCorp Vault | >=1.4.0<1.4.4 | |
| HashiCorp Vault | >=1.5.0<1.5.1 | |
| HashiCorp Vault | >=0.8.3<1.2.5 | |
| HashiCorp Vault | >=1.3.0<1.3.8 | |
| HashiCorp Vault | >=1.4.0<1.4.4 | |
| HashiCorp Vault | >=1.5.0<1.5.1 | |
| redhat/vault | <1.2.5 | 1.2.5 |
| redhat/vault | <1.3.8 | 1.3.8 |
| redhat/vault | <1.4.4 | 1.4.4 |
| redhat/vault | <1.5.1 | 1.5.1 |
| go/github.com/hashicorp/vault | >=1.5.0<1.5.1 | 1.5.1 |
| go/github.com/hashicorp/vault | >=1.4.0<1.4.4 | 1.4.4 |
| go/github.com/hashicorp/vault | >=1.3.0<1.3.8 | 1.3.8 |
| go/github.com/hashicorp/vault | >=0.8.3<1.2.5 | 1.2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html
- https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151
- https://www.hashicorp.com/blog/category/vault/
- https://access.redhat.com/errata/RHSA-2023:2138
- https://access.redhat.com/security/cve/cve-2020-16251
- https://access.redhat.com/errata/RHSA-2023:3742
- https://bugzilla.redhat.com/show_bug.cgi?id=2167340
- https://nvd.nist.gov/vuln/detail/CVE-2020-16251
- https://github.com/advisories/GHSA-4mp7-2m29-gqxf (Advisory)
- https://www.hashicorp.com/blog/category/vault
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
CVE-2020-16251.
What is the affected software?
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method.
What is the severity of CVE-2020-16251?
The severity of CVE-2020-16251 is high, with a CVSS score of 8.2.
How can I fix CVE-2020-16251?
The vulnerability has been fixed in versions 1.2.5, 1.3.8, 1.4.4, and 1.5.1 of HashiCorp Vault and Vault Enterprise.
Where can I find more information about CVE-2020-16251?
You can find more information about CVE-2020-16251 on the following references: http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html, https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151, and https://www.hashicorp.com/blog/category/vault/.
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-16251
- agent/software-canonical-lookup
- agent/severity
- agent/description
- agent/author
- collector/nvd-cve
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-4mp7-2m29-gqxf
- agent/last-modified-date
- agent/references
- collector/github-advisory
- agent/softwarecombine
- agent/tags
- agent/trending
- vendor/hashicorp
- canonical/hashicorp vault
- version/hashicorp vault/0.8.3
- version/hashicorp vault/1.3.0
- version/hashicorp vault/1.4.0
- version/hashicorp vault/1.5.0
- package-manager/redhat
- package-manager/go