CVE-2020-25594 - Vulnerability Details - OpenCVE

HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hashicorp	Vault

Configuration 1 [-]

OR	cpe:2.3:a:hashicorp:vault:::::-:::*
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault:::::-:::*
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*

No data.

References

Link	Providers
https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336
https://nvd.nist.gov/vuln/detail/CVE-2020-25594
https://security.gentoo.org/glsa/202207-01
https://www.cve.org/CVERecord?id=CVE-2020-25594

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-01T15:41:36

Updated: 2024-08-04T15:33:05.746Z

Reserved: 2020-09-15T00:00:00

Link: CVE-2020-25594

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-02-01T16:15:12.607

Modified: 2024-11-21T05:18:11.117

Link: CVE-2020-25594

Redhat

Severity : Moderate

Publid Date: 2021-02-01T00:00:00Z

Links: CVE-2020-25594 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T20:07:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336"}, {"name": "GLSA-202207-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202207-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-25594", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336"}, {"name": "GLSA-202207-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202207-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:33:05.746Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336"}, {"name": "GLSA-202207-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202207-01"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-25594", "datePublished": "2021-02-01T15:41:36", "dateReserved": "2020-09-15T00:00:00", "dateUpdated": "2024-08-04T15:33:05.746Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "matchCriteriaId": "32DD844D-4C10-450D-9017-D5870DF07738", "versionEndExcluding": "1.5.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "11FF3556-E92E-423B-86E5-175BD43F9192", "versionEndExcluding": "1.5.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "matchCriteriaId": "6FA59962-1063-4AA3-8B24-C8C6FD2C7341", "versionEndExcluding": "1.6.2", "versionStartIncluding": "1.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4F85653B-E5DE-4654-A520-1573CD4F46DF", "versionEndExcluding": "1.6.2", "versionStartIncluding": "1.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7."}, {"lang": "es", "value": "HashiCorp Vault y Vault Enterprise permitieron la enumeraci\u00f3n de rutas de montaje de Secrets Engine por medio de peticiones HTTP no autenticadas. Corregido en las versiones 1.6.2 y 1.5.7"}], "id": "CVE-2020-25594", "lastModified": "2024-11-21T05:18:11.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-01T16:15:12.607", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202207-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202207-01"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "vault: API Endpoint Allowed Enumeration of Secrets Engine Mount Paths Without Authentication", "id": "2189536", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2189536"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-200", "details": ["HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7.", "A flaw was found in HashiCorp Vault and Vault Enterprise. This flaw allows a remote attacker to obtain sensitive information. By sending a specially-crafted request, a remote attacker can perform enumeration of the Secrets Engine mount paths."], "name": "CVE-2020-25594", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-installer", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/topology-aware-lifecycle-manager-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/ocs-must-gather-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/cephcsi-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/mcg-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/ocs-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-multicluster-rhel9-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odf-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}], "public_date": "2021-02-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-25594\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25594\nhttps://discuss.hashicorp.com/t/hcsec-2021-03-vault-api-endpoint-allowed-enumeration-of-secrets-engine-mount-paths-without-authentication/20336"], "threat_severity": "Moderate"}