CVE-2020-7220: Improper Resource Shutdown or Release

July 28, 2021

HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2.

References

github.com/advisories/GHSA-9vh5-r4qw-v3vv
github.com/hashicorp/vault/blob/master/CHANGELOG.md
nvd.nist.gov/vuln/detail/CVE-2020-7220

Detect and mitigate CVE-2020-7220 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →