Description
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
EPSS
Percentile: 23%
0.00072
Low
9.1 Critical
CVSS3
Weaknesses
CWE-94
Related vulnerabilities
CVSS3: 8
redhat
5 days ago
A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
CVSS3: 9.1
github
5 days ago
Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration