Описание
HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.
A flaw was found in HashiCorp Vault Enterprise, where a remote attacker can obtain sensitive information caused by a vulnerability when deleting a namespace. This flaw allows a remote attacker to revoke dynamic secrets for a mount in a deleted namespace.
Отчет
Red Hat Products are not affected by this CVE as this CVE only affects HashiCorp Vault Enterprise versions.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-installer | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/topology-aware-lifecycle-manager-rhel8-operator | Not affected | ||
| Red Hat Openshift Container Storage 4 | ocs4/cephcsi-rhel8 | Not affected | ||
| Red Hat Openshift Container Storage 4 | ocs4/mcg-rhel8-operator | Not affected | ||
| Red Hat Openshift Container Storage 4 | ocs4/ocs-rhel8-operator | Not affected | ||
| Red Hat Openshift Container Storage 4 | ocs4/rook-ceph-rhel8-operator | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/cephcsi-rhel9 | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/mcg-rhel9-operator | Not affected | ||
| Red Hat Openshift Data Foundation 4 | odf4/ocs-rhel9-operator | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.
Improper Resource Shutdown or Release in HashiCorp Vault
EPSS
7.5 High
CVSS3