Inadvertent Group Membership Inclusion Vulnerability in HashiCorp Vault

CVE-2020-10660 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.

Learn more about our Web Application Penetration Testing UK.