Lucene search
K

9 matches found

OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5487 HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service in github.com/hashicorp/vault

HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service in github.com/hashicorp/vault...

8.1CVSS5.8AI score0.00376EPSS
Exploits0References3
OSV
OSV
added 2026/04/21 12:15 p.m.3 views

BIT-VAULT-2026-3605 Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS5.8AI score0.00376EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/17 6:31 a.m.7 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the kvv2 process. An attacker can cause unauthorized deletion of secrets by exploiting policy configurations containing a glob pattern, which may result in service disruption...

8.1CVSS5.8AI score0.00376EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/17 6:31 a.m.6 views

Authentication Bypass Using an Alternate Path or Channel

Overview github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the kvv2 process. An attacker can cause unauthorized deletion of secrets by exploiting policy...

8.1CVSS5.8AI score0.00376EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 2:44 a.m.41 views

CVE-2026-3605

CVE-2026-3605 affects Vault KVv2 metadata and deletion policy, enabling an authenticated user with access to a kvv2 path (via a glob in policy) to delete secrets they were not authorized to read/write, causing denial-of-service. The vulnerability does not allow cross-namespace deletion or reading...

8.1CVSS5.7AI score0.00376EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/17 2:44 a.m.4 views

CVE-2026-3605 Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS5.8AI score0.00376EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/17 2:44 a.m.4 views

CVE-2026-3605

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...

8.1CVSS5.7AI score0.00376EPSS
Exploits0References2Affected Software2
SUSE CVE
SUSE CVE
added 2023/06/02 2:29 a.m.2 views

SUSE CVE-2023-22647

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this...

9.9CVSS6.6AI score0.00715EPSS
Exploits0References4
Prion
Prion
added 2023/06/01 1:15 p.m.17 views

Privilege escalation

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this...

5.2CVSS7.6AI score0.00715EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder