9 matches found
GO-2026-5487 HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service in github.com/hashicorp/vault
HashiCorp Vault has a KVv2 Metadata and Secret Deletion Policy Bypass that leads to Denial-of-Service in github.com/hashicorp/vault...
BIT-VAULT-2026-3605 Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service
An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the kvv2 process. An attacker can cause unauthorized deletion of secrets by exploiting policy configurations containing a glob pattern, which may result in service disruption...
Authentication Bypass Using an Alternate Path or Channel
Overview github.com/hashicorp/vault/vault is a tool for securely accessing secrets. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the kvv2 process. An attacker can cause unauthorized deletion of secrets by exploiting policy...
CVE-2026-3605
CVE-2026-3605 affects Vault KVv2 metadata and deletion policy, enabling an authenticated user with access to a kvv2 path (via a glob in policy) to delete secrets they were not authorized to read/write, causing denial-of-service. The vulnerability does not allow cross-namespace deletion or reading...
CVE-2026-3605 Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service
An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...
CVE-2026-3605
An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret...
SUSE CVE-2023-22647
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this...
Privilege escalation
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this...