Vulnerabilities > CVE-2020-35453 - Unspecified vulnerability in Hashicorp Vault
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 16 |
References
- https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983
- https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983
- https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161
- https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161