Headline
GHSA-86c6-3g63-5w64: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
The Vault and Vault Enterprise (“Vault”) Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
High severity GitHub Reviewed Published Sep 29, 2023 to the GitHub Advisory Database • Updated Sep 29, 2023
Related news
CVE-2023-5077: HCSEC-2023-30 - Vault’s Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.