Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Hashicorp HashiCorp Vault 安全漏洞
Vulnerability Description
Hashicorp HashiCorp Vault是美国HashiCorp(Hashicorp)公司的一款私钥访问管理工具。 HashiCorp Vault andVault Enterprise 1.8.0到1.8.4版本存在安全漏洞,该漏洞源于软件在全局相关策略和谷歌云秘密引擎之间可能会有意外的交互。在某些情况下,用户可能拥有比预期更多的特权,例如,具有/gcp/roleset/*路径读权限的用户可能能够发出谷歌云服务帐户凭证。
CVSS Information
N/A
Vulnerability Type
N/A