The vulnerability relates specifically to the secret-id-accessor/destroy endpoint in the AppRole auth method. In Vault's architecture, endpoint handlers are typically found in path-specific files within the credential backend implementation. The `path_secret_id_accessor.go` file contains the handlers for secret ID accessor operations, and the destroy handler would be responsible for validating accessor ownership. The missing ownership check in the destroy operation maps directly to this function's responsibility. While the exact code isn't provided, Vault's well-documented architecture and the endpoint's specificity give high confidence in this identification.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/hashicorp/vault | go | < 1.10.11 | 1.10.11 |
| github.com/hashicorp/vault | go | >= 1.11.0, < 1.11.8 | 1.11.8 |
| github.com/hashicorp/vault | go | >= 1.12.0, < 1.12.4 | 1.12.4 |
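
The missing ownership check described above, as an added example that is not Vault's code: a simplified in-memory model of a destroy handler without and with the check. The `backend` type, the function names, the role and accessor values and the single-map storage are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// backend is a hypothetical model: each secret ID accessor maps to the
// role that issued it. Vault's real storage layout is not shown on the page.
type backend struct{ accessorToRole map[string]string }

// One error for "unknown accessor" and "accessor of another role", so the
// reply does not reveal whether an accessor exists under a different role.
var errNotFound = errors.New("secret ID accessor not found for this role")

// destroyUnchecked models the flaw: roleName from the request path is
// never compared with the role that owns the accessor.
func (b *backend) destroyUnchecked(roleName, accessor string) error {
	if _, ok := b.accessorToRole[accessor]; !ok {
		return errNotFound
	}
	delete(b.accessorToRole, accessor)
	return nil
}

// destroyChecked refuses the request unless the accessor was issued by
// the role named in the request.
func (b *backend) destroyChecked(roleName, accessor string) error {
	owner, ok := b.accessorToRole[accessor]
	if !ok || owner != roleName {
		return errNotFound
	}
	delete(b.accessorToRole, accessor)
	return nil
}

// newBackend returns constructed sample data: two roles, one accessor each.
func newBackend() *backend {
	return &backend{accessorToRole: map[string]string{
		"acc-a1": "role-a",
		"acc-b1": "role-b",
	}}
}

func main() {
	b := newBackend()
	fmt.Println("unchecked, role-a destroys acc-b1:", b.destroyUnchecked("role-a", "acc-b1"))
	b = newBackend()
	fmt.Println("checked, role-a destroys acc-b1:", b.destroyChecked("role-a", "acc-b1"))
	fmt.Println("checked, role-b destroys acc-b1:", b.destroyChecked("role-b", "acc-b1"))
}
```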