GHSA-j6vv-vv26-rh7c, CVE-2020-10661
go/github.com/hashicorp/vault/vault
HashiCorp Vault Improper Privilege Management
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
All versions starting from 0.11.0 before 1.3.4
Upgrade to version 1.3.4 or above.
2024-01-31
source |