HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-10T18:46:12
Updated: 2024-08-04T12:04:22.829Z
Reserved: 2020-05-09T00:00:00
Link: CVE-2020-12757
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-06-10T19:15:09.647
Modified: 2020-10-12T19:15:12.130
Link: CVE-2020-12757
Redhat