CGA-h425-mx3f-g92v

Published

Last updated

https://images.chainguard.dev/security/CGA-h425-mx3f-g92v

Package

k3d

Latest Update

Fixed

Fixed Version

5.6.0-r11

Aliases

CVE-2020-16250
GHSA-fp52-qw33-mfmw

Severity

8.2

High

CVSS V3

Summary

Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault

Description

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..

References

https://nvd.nist.gov/vuln/detail/CVE-2020-16250
https://github.com/advisories/GHSA-fp52-qw33-mfmw
https://github.com/hashicorp/vault
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151
https://www.hashicorp.com/blog/category/vault
http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-h425-mx3f-g92v

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources