CVE-2020-10661

GHSA-j6vv-vv26-rh7c, CVE-2020-10661

go/github.com/hashicorp/vault/vault

HashiCorp Vault Improper Privilege Management

HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.

All versions starting from 0.11.0 before 1.3.4

Upgrade to version 1.3.4 or above.

2024-01-31