CVE-2023-5077

Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets

CVSS 7.6 HIGHEPSS 0.4%CWE-266

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Produtos afetados

HashiCorp · Vault HashiCorp · Vault Enterprise

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654