CVE-2020-12757

Published: 2020-06-10T19:15Z

Last Modified: 2024-11-21T05:00Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt