Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-5077

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.

Published

2023-09-29T00:15:12.693

Last Modified

2024-11-21T08:41:01.217

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

Weaknesses

Type: Secondary
CWE-266
Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hashicorp	vault	< 1.13.0	Yes
Application	hashicorp	vault	< 1.13.0	Yes

References

https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654 Vendor Advisory ([email protected])
https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)