Unrated severityNVD Advisory· Published Dec 17, 2020· Updated Aug 4, 2024

CVE-2020-35453

Description

HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.

Affected products

osv-coords
pkg:bitnami/vault
Range: >= 1.5.0, < 1.5.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983mitrex_refsource_CONFIRM
github.com/hashicorp/vault/blob/master/CHANGELOG.mdmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000