First published: Thu Dec 17 2020
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
HashiCorp Vault | >=1.5.0 <1.5.6 | |
HashiCorp Vault | >=1.6.0 <1.6.1 | |
The vulnerability ID of this issue is CVE-2020-35453.
The severity level of CVE-2020-35453 is medium (5.3).
HashiCorp Vault versions from 1.5.0 up to, but not including, 1.5.6 and from 1.6.0 up to, but not including, 1.6.1, both open source and enterprise editions, are affected by CVE-2020-35453.
To fix CVE-2020-35453, update your HashiCorp Vault installation to version 1.5.6 or 1.6.1.
You can find more information about CVE-2020-35453 on the official HashiCorp Vault GitHub repository and the HashiCorp discussion forum.