Lucene search
K

6 matches found

OSV
OSV
added 2024/03/06 11:8 a.m.15 views

BIT-VAULT-2023-3775 Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8...

4.9CVSS4.8AI score0.00451EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/10/03 6:27 a.m.29 views

CVE-2023-3775

A flaw was found in the Vault Enterprise. A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in a denial of service...

4.9CVSS5.3AI score0.00451EPSS
Exploits0References4
NVD
NVD
added 2023/09/29 12:15 a.m.18 views

CVE-2023-3775

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8...

4.9CVSS4.5AI score0.00451EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2023/09/29 12:15 a.m.18 views

CVE-2023-3775

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8...

4.9CVSS6.9AI score0.00451EPSS
Exploits0
Prion
Prion
added 2023/09/29 12:15 a.m.14 views

Design/Logic Flaw

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8...

3.3CVSS5AI score0.00451EPSS
Exploits0References1Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2023/09/28 11:8 p.m.5 views

Vault Enterprise’s Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service

Summary A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. This vulnerability, CVE-2023-3775, is fixed in Vaul...

4.9CVSS6.1AI score0.00451EPSS
Exploits0Affected Software1
Rows per page
Query Builder