A vulnerability was identified in Vault and Vault Enterprise (“Vault”) such that, with the GCP Auth Method configured and under certain circumstances, the values relied upon by Vault to validate Google Compute Engine (GCE) VMs may be manipulated and authentication bypassed. https://www.hashicorp.com/blog/category/vault/ https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151 http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2023:2138 https://access.redhat.com/errata/RHSA-2023:2138
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-16251
This issue has been addressed in the following products: RHODF-4.13-RHEL-9 Via RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742