CVE-2020-12757

CRITICAL Year: 2020
CVSS v3 Score
9.8
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-269
View all →

Vulnerability Description

HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2.

Related Vulnerabilities

CVE-2003-5001

CRITICAL
CVSS:9.8(Critical)

A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/...

CWE-2692003

CVE-2006-4243

CRITICAL
CVSS:9.8(Critical)

linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code.

CWE-2692006

CVE-2013-3323

CRITICAL
CVSS:9.8(Critical)

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session,...

CWE-2692013

CVE-2013-6295

CRITICAL
CVSS:9.8(Critical)

PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module

CWE-2692013

CVE-2014-1510

CRITICAL
CVSS:9.8(Critical)

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code...

CWE-2692014