github.com/hashicorp/terraform-provider-vault is vulnerable to authorization bypass. The insecure configuration in GCE-type bound labels for GCP auth method could allow for an attacker to bypass authorization and access otherwise restricted actions.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/hashicorp/terraform-provider-vault | le | v2.17.0 |