CVE-2020-10661: HashiCorp Vault Improper Privilege Management

CVSS Score: 9.1 (CVSS v3.1)

Basic Information

EPSS Score: 0.57984%
Published: 1/30/2024
Updated: 9/16/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Package Name: github.com/hashicorp/vault
Ecosystem: go
Vulnerable Versions: >= 0.11.0, < 1.3.4
First Patched Version: 1.3.4

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability stems from improper group membership cleanup during authentication flows. Key changes in expiration.go and request_handling.go show the removal of conditional checks around group alias validation, indicating these were points where stale permissions could persist. The LDAP test helper change (GroupAttr from memberOf->cn) and added test cases in identity_test.go further validate that group membership tracking was central to the privilege escalation issue.

WAF Protection Rules

WAF Rule

HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
