CVE-2020-35453

MEDIUM5.3EPSS 0.33%

發布日:2024/3/6修改日:2025/4/3

描述

HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.

受影響套件(1)

Bitnami/vault>= 1.5.0, < 1.5.6, >= 1.6.0, < 1.6.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

參考連結(3)

WEBhttps://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983
WEBhttps://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-35453