CVE-2020-16251 — HashiCorp Vault Authentication bypass in github.com/hashicorp/vault

Description

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.

How to fix CVE-2020-16251

To remediate CVE-2020-16251, upgrade the affected package to a fixed version below.

Bitnami/vault—upgrade to 1.2.5 or later
—upgrade to 1.2.5 or later
—upgrade to 1.2.5 or later

Is CVE-2020-16251 being exploited?

Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

>= 0.8.3, < 1.2.5, >= 1.3.0, < 1.3.8, >= 1.4.0, < 1.4.4, >= 1.5.0, < 1.5.1
>= 0.8.3, < 1.2.5
>= 0.8.3, < 1.2.5, >= 1.3.0, < 1.3.8, >= 1.4.0, < 1.4.4, >= 1.5.0, < 1.5.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

References (7)

ADVISORYgithub.com/advisories/GHSA-4mp7-2m29-gqxf
ADVISORYnvd.nist.gov/vuln/detail/CVE-2020-16251
PATCHgithub.com/hashicorp/vault
WEBpacketstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html