Description
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.
A flaw was found in HashiCorp Vault. This vulnerability allows a privileged Vault operator with write permissions to the root namespace's identity endpoint to escalate their privileges to Vault’s root policy.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Openshift Container Storage 4 | ocs4/cephcsi-rhel8 | Affected | ||
Red Hat Openshift Container Storage 4 | ocs4/mcg-rhel8-operator | Affected | ||
Red Hat Openshift Container Storage 4 | ocs4/ocs-must-gather-rhel8 | Affected | ||
Red Hat Openshift Container Storage 4 | ocs4/ocs-rhel8-operator | Affected | ||
Red Hat Openshift Container Storage 4 | ocs4/rook-ceph-rhel8-operator | Affected | ||
Red Hat Openshift Data Foundation 4 | odf4/cephcsi-rhel9 | Affected | ||
Red Hat Openshift Data Foundation 4 | odf4/mcg-cli-rhel9 | Not affected | ||
Red Hat Openshift Data Foundation 4 | odf4/mcg-rhel9-operator | Not affected | ||
Red Hat Openshift Data Foundation 4 | odf4/odf-cli-rhel9 | Affected | ||
Additional information
Status:
7.2 High
CVSS3
Related vulnerabilities
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.
Vault Community Edition privilege escalation vulnerability
A vulnerability in the HashiCorp Vault and Vault Enterprise platforms for archiving corporate information, related to improper privilege assignment, that allows an attacker to escalate their privileges
7.2 High
CVSS3