8.2

CVE-2020-16250

HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HashicorpVault SwEdition- Version >= 0.7.1 < 1.2.5
HashicorpVault SwEditionenterprise Version >= 0.7.1 < 1.2.5
HashicorpVault SwEdition- Version >= 1.3.0 < 1.3.8
HashicorpVault SwEditionenterprise Version >= 1.3.0 < 1.3.8
HashicorpVault SwEdition- Version >= 1.4.0 < 1.4.4
HashicorpVault SwEditionenterprise Version >= 1.4.0 < 1.4.4
HashicorpVault SwEdition- Version >= 1.5.0 < 1.5.1
HashicorpVault SwEditionenterprise Version >= 1.5.0 < 1.5.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.77% 0.821
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.