Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to improper authorization in the secret-set process. An attacker can gain unauthorized access to and modify Kubernetes secrets by exploiting insufficient access controls, allowing them to read or alter secret...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the Vault secrets back-end implementation. An attacker can modify secret revisions without proper authorization by leveraging access as an authenticated unit agent and possessing sufficient information about...

Incorrect Ownership Assignment

Overview Affected versions of this package are vulnerable to Incorrect Ownership Assignment in the secrets management process. An attacker can gain unauthorized access to sensitive information by exploiting a race condition between the generation of a secret ID and the creation of the secret's...

Predictable Value Range from Previous Values

Overview Affected versions of this package are vulnerable to Predictable Value Range from Previous Values when granting permissions to secrets using a predictable XID. An attacker can gain unauthorized access to resources associated with previously granted secrets by predicting secret identifiers...