github.com/hashicorp/vault does not properly handle and manage sessions. The vulnerability exists in Vault Enterprise, where the revocation of a token scoped to a non-root namespace does not properly trigger the revocation of the dynamic secret leases associated with the token.