A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2023-09-28T23:17:24.349Z
Updated: 2024-08-02T07:08:50.185Z
Reserved: 2023-07-19T14:34:43.733Z
Link: CVE-2023-3775
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-29T00:15:12.543
Modified: 2023-10-02T20:04:13.150
Link: CVE-2023-3775
Redhat