A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.
Metrics
Affected Vendors & Products
References
History
Wed, 02 Oct 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat openshift |
|
CPEs | cpe:/a:redhat:openshift:4.17::el9 | |
Vendors & Products |
Redhat
Redhat openshift |
Thu, 26 Sep 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-20 |
Thu, 26 Sep 2024 22:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-266 |
Mon, 23 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2023-09-28T23:17:24.349Z
Updated: 2024-09-26T21:50:59.474Z
Reserved: 2023-07-19T14:34:43.733Z
Link: CVE-2023-3775
Vulnrichment
Updated: 2024-08-02T07:08:50.185Z
NVD
Status : Modified
Published: 2023-09-29T00:15:12.543
Modified: 2024-11-21T08:18:02.273
Link: CVE-2023-3775
Redhat