Critical severityNVD Advisory· Published Sep 30, 2020· Updated Aug 4, 2024
CVE-2020-25816
CVE-2020-25816
Description
HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/vaultGo | >= 1.0.0-beta1, < 1.5.4 | 1.5.4 |
Affected products
3- HashiCorp/Vaultdescription
- osv-coords2 versions
>= 1.0.0, < 1.4.7+ 1 more
- (no CPE)range: >= 1.0.0, < 1.4.7
- (no CPE)range: >= 1.0.0-beta1, < 1.5.4
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-57gg-cj55-q5g2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-25816ghsaADVISORY
- github.com/hashicorp/vault/blob/master/CHANGELOG.mdghsaWEB
- github.com/hashicorp/vault/blob/master/CHANGELOG.mdghsax_refsource_CONFIRMWEB
- github.com/hashicorp/vault/pull/10020/commits/f192878110fe93eb13da914b2bee28caa7866a29ghsaWEB
- www.hashicorp.com/blog/category/vaultghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.