CVE-2023-5077

CVSS V2 None CVSS V3 None

Description

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.

Overview

CVE ID
CVE-2023-5077

Assigner
HashiCorp

Vulnerability Status
PUBLISHED

Published Version
2023-09-28T23:24:28.643Z

Last Modified Date
2023-09-28T23:24:28.643Z

Weakness Enumerations

CWE	URL
CWE-732	http://cwe.mitre.org/data/definitions/732.html

References

Reference URL	Reference Tags
https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-5077
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5077

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 05:09:38				Added to TrackCVE