mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-29 05:56:17 +00:00
{
"id": "CVE-2020-10660",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-03-23T13:15:13.127",
"lastModified": "2020-03-30T16:04:59.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, have an Entity's Group membership inadvertently include Groups the Entity no longer has permissions to. Fixed in 1.3.4."
},
{
"lang": "es",
"value": "HashiCorp Vault y Vault Enterprise versiones 0.9.0 hasta 1.3.3, pueden bajo determinadas circunstancias, presentar una membres\u00eda Entity's Group que inadvertidamente incluye Grupos a los que la Entidad ya no tiene permiso. Corregido en 1.3.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.3
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionStartIncluding": "0.9.0",
"versionEndIncluding": "1.3.3",
"matchCriteriaId": "11BD6F5D-C0B7-4355-B4F3-E24A7D69D41D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "0.9.0",
"versionEndIncluding": "1.3.3",
"matchCriteriaId": "5A05972B-DC6F-4846-B2C1-D226F303874B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.hashicorp.com/blog/category/vault/",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}