CVE-2020-35453
First published: Thu Dec 17 2020(Updated: )
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Vault | >=1.5.0<1.5.6 | |
| HashiCorp Vault | >=1.5.0<1.5.6 | |
| HashiCorp Vault | >=1.6.0<1.6.1 | |
| HashiCorp Vault | >=1.6.0<1.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2020-35453.
What is the severity level of CVE-2020-35453?
The severity level of CVE-2020-35453 is medium (5.3).
What is affected by CVE-2020-35453?
HashiCorp Vault versions 1.5.0 to 1.5.6 and 1.6.0 to 1.6.1, both open source and enterprise editions, are affected by CVE-2020-35453.
How can I fix CVE-2020-35453?
To fix CVE-2020-35453, update your HashiCorp Vault installation to version 1.5.6 or 1.6.1.
Where can I find more information about CVE-2020-35453?
You can find more information about CVE-2020-35453 on the official HashiCorp Vault GitHub repository and the HashiCorp discussion forum.
- collector/nvd-index
- vendor/hashicorp
- canonical/hashicorp vault
- version/hashicorp vault/1.5.0
- version/hashicorp vault/1.6.0