CVE-2020-10660 - Vulnerability Details - OpenCVE

HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hashicorp	Vault

Configuration 1 [-]

OR	cpe:2.3:a:hashicorp:vault:::::-:::*
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*

No data.

References

Link	Providers
https://discuss.hashicorp.com/t/hcsec-2020-06-vault-auth-groups-not-removed-in-certain-circumstances/18089
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020
https://nvd.nist.gov/vuln/detail/CVE-2020-10660
https://www.cve.org/CVERecord?id=CVE-2020-10660
https://www.hashicorp.com/blog/category/vault/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-03-23T12:55:42

Updated: 2024-08-04T11:06:10.655Z

Reserved: 2020-03-18T00:00:00

Link: CVE-2020-10660

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-03-23T13:15:13.127

Modified: 2024-11-21T04:55:47.377

Link: CVE-2020-10660

Redhat

Severity : Moderate

Publid Date: 2020-03-23T00:00:00Z

Links: CVE-2020-10660 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-23T12:55:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.hashicorp.com/blog/category/vault/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10660", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.hashicorp.com/blog/category/vault/", "refsource": "MISC", "url": "https://www.hashicorp.com/blog/category/vault/"}, {"name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020", "refsource": "CONFIRM", "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:06:10.655Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.hashicorp.com/blog/category/vault/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10660", "datePublished": "2020-03-23T12:55:42", "dateReserved": "2020-03-18T00:00:00", "dateUpdated": "2024-08-04T11:06:10.655Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "matchCriteriaId": "11BD6F5D-C0B7-4355-B4F3-E24A7D69D41D", "versionEndIncluding": "1.3.3", "versionStartIncluding": "0.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "5A05972B-DC6F-4846-B2C1-D226F303874B", "versionEndIncluding": "1.3.3", "versionStartIncluding": "0.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4."}, {"lang": "es", "value": "HashiCorp Vault y Vault Enterprise versiones 0.9.0 hasta 1.3.3, pueden bajo determinadas circunstancias, presentar una membres\u00eda Entity's Group que inadvertidamente incluye Grupos a los que la Entidad ya no tiene permiso. Corregido en 1.3.4."}], "id": "CVE-2020-10660", "lastModified": "2024-11-21T04:55:47.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-23T13:15:13.127", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.hashicorp.com/blog/category/vault/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.hashicorp.com/blog/category/vault/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "vault: Entity's Group membership inadvertently include Groups the Entity no longer has permissions to", "id": "2189538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189538"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-284", "details": ["HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4.", "A flaw was found in HashiCorp Vault and Vault Enterprise. This flaw allows a remote attacker to bypass security restrictions caused by an issue when inadvertently including Groups the Entity no longer has permission to. By sending a specially crafted request, an attacker can bypass access restrictions."], "name": "CVE-2020-10660", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-installer", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/topology-aware-lifecycle-manager-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/ocs-must-gather-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/cephcsi-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/mcg-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/ocs-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-multicluster-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}], "public_date": "2020-03-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10660\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10660\nhttps://discuss.hashicorp.com/t/hcsec-2020-06-vault-auth-groups-not-removed-in-certain-circumstances/18089"], "threat_severity": "Moderate", "upstream_fix": "vault 1.3.4"}