exploitDog

CVE-2025-5999

Published: 01 Aug 2025
Source: redhat
CVSS3: 7.2

Description

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Affected | | |
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-acmesolver-rhel9 | Affected | | |
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Affected | | |
| external secrets operator for Red Hat OpenShift - Tech Preview | external-secrets-operator/external-secrets-operator-rhel9 | Affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/cephcsi-rhel9 | Affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/mcg-cli-rhel9 | Affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/mcg-rhel9-operator | Affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/odf-cli-rhel9 | Affected | | |
| Red Hat Trusted Artifact Signer | rhtas/client-server-rhel9 | Affected | | |
| Red Hat Trusted Artifact Signer | rhtas/fulcio-rhel9 | Affected | | |

Additional information

Status: Important
Defect: CWE-266
https://bugzilla.redhat.com/show_bug.cgi?id=2386006 github.com/hashicorp/vault: Vault Identity Token Privilege Escalation

7.2 High

CVSS3

Related vulnerabilities

CVSS3: 7.2
nvd
5 days ago

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.

CVSS3: 7.2
github
5 days ago

Hashicorp Vault has Privilege Escalation Vulnerability