Improper Namespace Access Control in HashiCorp Vault Enterprise's Sentinel EGP Policy Feature
CVE-2020-35453 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
Learn more about our Web Application Penetration Testing UK.