Lucene search
+L

4 matches found

Snyk
Snyk
added 2026/04/17 6:31 a.m.6 views

Authentication Bypass Using an Alternate Path or Channel

Overview github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the kvv2 process. An attacker can cause unauthorized deletion of secrets by exploiting policy...

8.1CVSS5.8AI score0.00376EPSS
Exploits0References2
OSV
OSV
added 2026/04/17 6:31 a.m.6 views

GHSA-M2W4-8GGF-RJ47 HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS5.7AI score0.00376EPSS
Exploits0References3
OSV
OSV
added 2026/04/17 2:44 a.m.2 views

CVE-2026-3605 Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS7.1AI score0.00376EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/17 2:44 a.m.4 views

CVE-2026-3605 Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS5.8AI score0.00376EPSS
Exploits0References1
Rows per page
Query Builder