Improper Namespace Access Control in HashiCorp Vault Enterprise's Sentinel EGP Policy Feature

Improper Namespace Access Control in HashiCorp Vault Enterprise's Sentinel EGP Policy Feature

CVE-2020-35453 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.

Learn more about our Web Application Penetration Testing UK.