x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-57gg-cj55-q5g2

[GoVulnBot]

In GitHub Security Advisory GHSA-57gg-cj55-q5g2, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/hashicorp/vault	1.5.4	>= 1.0, < 1.5.4

Cross references:

• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-362v-wg5p-64w2 #578 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-c5wc-v287-82pc #590 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-pfmw-vj74-ph8g #611 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-qv95-g3gm-x542 #618 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-23fq-q7hc-993r #620 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-38j9-7pp9-2hjw #623 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-6239-28c2-9mrm, CVE-2021-38554 #632 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault/command: GHSA-25xj-89g5-fm6h #778 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-9vh5-r4qw-v3vv #816 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-fp52-qw33-mfmw #825 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-7cgv-v83v-rr87 #1021 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-v3hp-mcj5-pg39 #1685 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-hwc3-3qh6-r4gg #1708 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-gq98-53rq-qr5h #1849 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-9mh8-9j64-443f #1897 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-wmg5-g953-qqfw #1900 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-9v3w-w2jh-4hff #1986 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-v84f-6r39-cpfc #2063 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-86c6-3g63-5w64 #2088 NOT_IMPORTABLE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-4qhc-v8r6-8vwm #2329 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-vq4h-9ghm-qmrr #1709
• Module github.com/hashicorp/vault appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-6p62-6cg9-f5f5 #2399

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/hashicorp/vault
      versions:
        - introduced: 1.0.0
          fixed: 1.5.4
      vulnerable_at: 1.5.3
      packages:
        - package: github.com/hashicorp/vault
summary: Token leases could outlive their TTL in HashiCorp Vault
cves:
    - CVE-2020-25816
ghsas:
    - GHSA-57gg-cj55-q5g2
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2020-25816
    - fix: https://github.com/hashicorp/vault/pull/10020/commits/f192878110fe93eb13da914b2bee28caa7866a29
    - web: https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#147
    - web: https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154
    - web: https://www.hashicorp.com/blog/category/vault
    - advisory: https://github.com/advisories/GHSA-57gg-cj55-q5g2

[gopherbot]

Change https://go.dev/cl/561835 mentions this issue: data/excluded: batch add 9 excluded reports

[gopherbot]

Change https://go.dev/cl/592778 mentions this issue: data/reports: unexclude 80 reports

[gopherbot]

Change https://go.dev/cl/606358 mentions this issue: data/reports: regenerate 50 reports