CVE-2020-7220

Опубликовано: 23 янв. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 4.3

EPSS Низкий

Описание

HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.

Ссылки

https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020
Third Party Advisory
https://www.hashicorp.com/blog/category/vault/
Vendor Advisory
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020
Third Party Advisory
https://www.hashicorp.com/blog/category/vault/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*

Версия от 0.11.0 (включая) до 1.3.2 (исключая)

EPSS

Процентиль: 53%

0.00305

Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-404

Связанные уязвимости

CVE-2020-7220

CVSS3: 7.5

redhat

около 6 лет назад

HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.

GHSA-9vh5-r4qw-v3vv

CVSS3: 7.5

github

больше 4 лет назад

Improper Resource Shutdown or Release in HashiCorp Vault

EPSS

Процентиль: 53%

0.00305

Низкий

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-404