Back to bug 2189538
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2023-05-31 23:37:41 UTC | CC | mrajanna | |
| Red Hat Bugzilla | 2023-07-07 08:33:32 UTC | Assignee | security-response-team | nobody |
| Avinash Hanwate | 2023-07-11 06:37:55 UTC | Doc Text | HashiCorp Vault and Vault Enterprise could allow a remote attacker to bypass security restrictions, caused by an issue when inadvertently including Groups the Entity that no longer has permissions to. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. | |
| RaTasha Tillery-Smith | 2023-07-11 13:47:14 UTC | Doc Text | HashiCorp Vault and Vault Enterprise could allow a remote attacker to bypass security restrictions, caused by an issue when inadvertently including Groups the Entity that no longer has permissions to. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. | A flaw was found in HashiCorp Vault and Vault Enterprise. This flaw allows a remote attacker to bypass security restrictions caused by an issue when inadvertently including Groups the Entity no longer has permission to. By sending a specially crafted request, an attacker can bypass access restrictions. |
| Avinash Hanwate | 2023-07-18 13:23:08 UTC | Blocks | 2223663 | |
| Avinash Hanwate | 2023-07-18 13:44:37 UTC | CC | jcantril, periklis | |
| Fixed In Version | vault 1.3.4 | |||
| Red Hat Bugzilla | 2023-08-03 08:29:16 UTC | CC | ocs-bugs | |
| Product Security DevOps Team | 2023-08-03 13:39:13 UTC | Resolution | --- | WONTFIX |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-08-03 13:39:13 UTC |
Back to bug 2189538