Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vault Root Namespace Operator May Elevate Token Privileges
Vulnerability Description
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特权授予不正确
Vulnerability Title
HashiCorp Vault Enterprise和HashiCorp Vault Community Edition 安全漏洞
Vulnerability Description
HashiCorp Vault Enterprise和HashiCorp Vault Community Edition都是美国HashiCorp公司的产品。HashiCorp Vault Enterprise是一个企业信息归档平台。HashiCorp Vault Community Edition是一款密钥管理工具。 HashiCorp Vault Community Edition 1.20.0之前版本和HashiCorp Vault Enterprise 1.20.0、1.19.6、1.18.11和
CVSS Information
N/A
Vulnerability Type
N/A