RSS   Vulnerabilities for 'Vault-ssh-helper'   RSS

2020-08-20
 
CVE-2020-24359

CWE-20
 

 
HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0.

 

 >>> Vendor: Hashicorp 15 Products
Sentinel
Vault
Vagrant vmware fusion
Vagrant
Terraform
Consul
Nomad
Packer
Terraform enterprise
Vault-ssh-helper
Go-slug
Vault provider for secrets store csi driver
Terraform provider
Vault-action
Go-getter


Copyright 2024, cxsecurity.com

 

Back to Top