CVE-2020-10660
unknown
CVSS v3
—
VIR risk
—
Description
HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/hashicorp/vault | >=0.9.0,<1.3.4 | 1.3.4 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-10660
- https://github.com/hashicorp/vault/pull/8606
- https://github.com/hashicorp/vault/commit/18485ee9d4352ac8e8396c580b5941ccf8e5b31a
- https://github.com/hashicorp/vault
- https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020
- https://www.hashicorp.com/blog/category/vault
- https://github.com/advisories/GHSA-m979-w9wj-qfj9
💬 Discuss CVE-2020-10660 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.