HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
2020-03-23T13:15:13.190
2024-11-21T04:55:47.517
Modified
CVSSv3.1: 9.1 (CRITICAL)
AV:N/AC:M/Au:N/C:P/I:P/A:N
8.6
4.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | hashicorp | vault | ≤ 1.3.3 | Yes |
Application | hashicorp | vault | ≤ 1.3.3 | Yes |