#VU26458 Permissions, Privileges, and Access Controls in Vault and Vault Enterprise - CVE-2020-10660

Cybersecurity Help s.r.o.

Published: 2020-03-30

Vulnerability identifier: #VU26458

Vulnerability risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-10660

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Vault
Web applications / Modules and components for CMS
Vault Enterprise
Web applications / Modules and components for CMS

Vendor: HashiCorp

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to, under certain circumstances, an Entity's Group membership inadvertently includes Groups the Entity no longer has permissions to. A remote authenticated attacker can gain elevated privileges on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Vault: 0.9.0 - 0.9.6, 0.10.0 - 0.11.6, 1.0.0 - 1.0.3, 1.1.0 - 1.1.5, 1.2.0 - 1.2.4, 1.3.0 - 1.3.3

Vault Enterprise: 0.9.0 - 0.9.6, 0.10.0 - 0.11.6, 1.0.0 - 1.0.3, 1.1.0 - 1.1.5, 1.2.0 - 1.2.4, 1.3.0 - 1.3.3

External links
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020
https://www.hashicorp.com/blog/category/vault/
https://github.com/hashicorp/vault/commit/18485ee9d4352ac8e8396c580b5941ccf8e5b31a

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in HashiCorp Vault and Vault Enterprise