{"vulnerability": "CVE-2020-1625", "sightings": [{"uuid": "d1bae043-8138-47b1-bfc3-e35d090630bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16250", "type": "published-proof-of-concept", "source": "https://t.me/cloud_sec/73", "content": "\ud83d\udd37\ud83d\udd38Enter the Vault: Authentication Issues in HashiCorp Vault\n\nProject Zero found two vulnerabilities in HashiCorp Vault and its integration with AWS and GCP, which can lead to an authentication bypass in configurations that use the aws and gcp auth methods. Both vulnerabilities (CVE-2020-16250/16251) were addressed by HashiCorp and are fixed in Vault versions 1.2.5, 1.3.8, 1.4.4 and 1.5.1 released in August.\n\nhttps://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html\n\n#aws #gcp", "creation_timestamp": "2020-10-12T06:44:54.000000Z"}, {"uuid": "441f2daa-3efd-46c6-bfb0-4f529dddb09a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-16250", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/1870", "content": "#Cloud_Security\nAuthentication Issues in HashiCorp Vault:\ntwo vulnerabilities in HashiCorp Vault and its integration with Amazon Web Services and Google Cloud Platform (CVE-2020-16250/16251)\nhttps://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html\n]-> PoC Exploit for HashiCorp Vault AWS IAM auth bypass:\nhttps://bugs.chromium.org/p/project-zero/issues/attachmentText?aid=455263", "creation_timestamp": "2022-06-08T02:25:53.000000Z"}]}