Описание
HashiCorp Vault Improper Privilege Management
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
Пакеты
github.com/hashicorp/vault
>= 0.11.0, < 1.3.4
1.3.4
EPSS
9.3 Critical
CVSS4
9.1 Critical
CVSS3
CVE ID
Дефекты
Связанные уязвимости
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
Уязвимость платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, позволяющая нарушителю повысить свои привилегии
EPSS
9.3 Critical
CVSS4
9.1 Critical
CVSS3