First published: Wed Sep 30 2020(Updated: )
HashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect Access Control.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
HashiCorp Vault | >=1.0.0<1.4.7 | |
HashiCorp Vault | >=1.0.0<1.4.7 | |
HashiCorp Vault | >=1.5.0<1.5.4 | |
HashiCorp Vault | >=1.5.0<1.5.4 | |
go/github.com/hashicorp/vault | >=1.0<1.5.4 | 1.5.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-25816.
HashiCorp Vault versions 1.0 and newer are affected.
The vulnerability is fixed in versions 1.4.7 and 1.5.4 of HashiCorp Vault.
The severity of CVE-2020-25816 is medium with a CVSS score of 6.8.
You can find more information about this vulnerability in the HashiCorp Vault Changelog and the HashiCorp blog.