Lucene search
+L

37 matches found

OSV
OSV
added 2025/08/08 2:32 p.m.7 views

GHSA-VF84-MXRQ-CRQC OpenBao Root Namespace Operator May Elevate Token Privileges

Impact Accounts with access to the highly-privileged identity entity system in the root namespace may increase their scope directly to the root policy. While the identity system always allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root...

7.2CVSS6.6AI score0.00487EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2025/08/04 11:25 p.m.3 views

SUSE CVE-2025-6000

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault's configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

8CVSS8AI score0.00867EPSS
Exploits0References4
Snyk
Snyk
added 2025/08/01 6:31 p.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit files in the plugin directory, and using the plugin registration functionality to execute the created files. Notes: - This is onl...

9.1CVSS7.5AI score0.00867EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/01 6:31 p.m.1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit files in the plugin directory, and using the plugin registration functionality to execute the created files. Notes: - This is onl...

9.1CVSS7.5AI score0.00867EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/01 6:31 p.m.1 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the identity endpoint in the root namespace. An attacker can gain unauthorized access to elevated privileges by modifying token permissions to use the root policy. Remediation Upgrade...

8.6CVSS7.2AI score0.00487EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/01 6:31 p.m.2 views

Arbitrary Code Injection

Overview github.com/hashicorp/vault/command is a tool for secrets management, encryption as a service, and privileged access management. Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit...

9.1CVSS7.4AI score0.00867EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/01 6:31 p.m.2 views

Arbitrary Code Injection

Overview github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Arbitrary Code Injection on the host by exploiting write permissions in the root namespace, creating audit files in the plugin directory, and using the plugin...

9.1CVSS7.5AI score0.00867EPSS
Exploits0References2
OSV
OSV
added 2025/08/01 5:40 p.m.6 views

CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

9.1CVSS7.7AI score0.00867EPSS
Exploits0References4
OSV
OSV
added 2025/08/01 5:38 p.m.8 views

CVE-2025-5999 Vault Root Namespace Operator May Elevate Token Privileges

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

7.2CVSS7.2AI score0.00487EPSS
Exploits0References4
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2025/08/01 5:8 p.m.9 views

Vault Root Namespace Operator May Elevate Token Privileges

Summary A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. This vulnerability, identified as CVE-2025-5999, is fixed in Vault Community Edition 1.20.0 and Vault Enterprise...

7.2CVSS7AI score0.00487EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/12/27 12:32 p.m.13 views

OESA-2024-2588 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload...

7.8CVSS5.9AI score0.00223EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/10 8:54 p.m.43 views

CVE-2024-9180 Vault Operators in Root Namespace May Elevate Their Privileges

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...

7.2CVSS0.00525EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/10 8:54 p.m.18 views

CVE-2024-9180 Vault Operators in Root Namespace May Elevate Their Privileges

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16...

7.2CVSS7AI score0.00525EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/10/10 8:37 p.m.8 views

Vault Operators in Root Namespace May Elevate Their Privileges

Summary A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. This vulnerability, identified as CVE-2024-9180, is fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18....

7.2CVSS7AI score0.00525EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/10/10 12:0 a.m.4 views

HashiCorp Vault Community Edition和Vault Enterprise 安全漏洞

HashiCorp Vault Enterprise and HashiCorp Vault Community Edition are both products of HashiCorp, Inc. of the U.S.A. HashiCorp Vault Enterprise is an enterprise information archiving platform.HashiCorp Vault HashiCorp Vault Enterprise is an enterprise information archiving platform, and HashiCorp...

7.2CVSS7.3AI score0.00525EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.4 views

SUSE CVE-2011-4136

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

5.8CVSS6.9AI score0.02284EPSS
Exploits0References3
PyPA
PyPA
added 2011/10/19 10:55 a.m.7 views

PYSEC-2011-1

django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...

5.8CVSS6.9AI score0.02284EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder