BIT-vault-2020-16251

BIT-vault-2020-16251 PUBLISHED CVSS 8.199999809265137 HIGH

HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.

Risk Scores

CVSS 3.1

8.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Affected Products

Vendor	Product	Versions
Bitnami	vault	0.8.3, 1.3.0, 1.4.0

Timeline

Mar 6, 2024 CVE Published
Apr 3, 2025 CVE Updated

References

http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html url
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 url
https://www.hashicorp.com/blog/category/vault/ url
https://nvd.nist.gov/vuln/detail/CVE-2020-16251 url

Open in Interactive Console →