A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside that namespace, in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.
History

Wed, 02 Oct 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat openshift
CPEs cpe:/a:redhat:openshift:4.17::el9
Vendors & Products Redhat
Redhat openshift

Thu, 26 Sep 2024 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Thu, 26 Sep 2024 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-266

Mon, 23 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-09-28T23:17:24.349Z

Updated: 2024-09-26T21:50:59.474Z

Reserved: 2023-07-19T14:34:43.733Z

Link: CVE-2023-3775

Vulnrichment

Updated: 2024-08-02T07:08:50.185Z

NVD

Status: Modified

Published: 2023-09-29T00:15:12.543

Modified: 2024-11-21T08:18:02.273

Link: CVE-2023-3775

Redhat

Severity: Moderate

Public Date: 2023-09-29T00:00:00Z

Links: CVE-2023-3775 - Bugzilla