{"uuid": "d1bae043-8138-47b1-bfc3-e35d090630bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16250", "type": "published-proof-of-concept", "source": "https://t.me/cloud_sec/73", "content": "\ud83d\udd37\ud83d\udd38Enter the Vault: Authentication Issues in HashiCorp Vault\n\nProject Zero found two vulnerabilities in HashiCorp Vault and its integration with AWS and GCP, which can lead to an authentication bypass in configurations that use the aws and gcp auth methods. Both vulnerabilities (CVE-2020-16250/16251) were addressed by HashiCorp and are fixed in Vault versions 1.2.5, 1.3.8, 1.4.4 and 1.5.1 released in August.\n\nhttps://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html\n\n#aws #gcp", "creation_timestamp": "2020-10-12T06:44:54.000000Z"}