Back to bug 2189539
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2023-05-31 23:37:38 UTC | CC | mrajanna | |
| Red Hat Bugzilla | 2023-07-07 08:28:17 UTC | Assignee | security-response-team | nobody |
| Avinash Hanwate | 2023-07-11 06:38:34 UTC | Doc Text | HashiCorp Vault and Vault Enterprise could allow a remote attacker to bypass security restrictions, caused by an issue when the existing nested-path policies may give access to Namespaces created after-the-fact. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. | |
| RaTasha Tillery-Smith | 2023-07-11 13:49:30 UTC | Doc Text | HashiCorp Vault and Vault Enterprise could allow a remote attacker to bypass security restrictions, caused by an issue when the existing nested-path policies may give access to Namespaces created after-the-fact. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions. | A flaw was found in HashiCorp Vault and Vault Enterprise. This flaw allows a remote attacker to bypass security restrictions caused by an issue when the existing nested-path policies may give access to Namespaces created after the fact. By sending a specially crafted request, an attacker can bypass access restrictions. |
| Avinash Hanwate | 2023-07-18 13:23:08 UTC | Blocks | 2223663 | |
| Avinash Hanwate | 2023-07-18 13:46:56 UTC | Priority | medium | high |
| Severity | medium | high | ||
| Fixed In Version | vault 1.3.4 | |||
| CC | jcantril, periklis | |||
| Red Hat Bugzilla | 2023-08-03 08:28:15 UTC | CC | ocs-bugs | |
| Product Security DevOps Team | 2023-08-03 13:40:15 UTC | Resolution | --- | WONTFIX |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-08-03 13:40:15 UTC |
Back to bug 2189539