CVE-2020-35453 log

Source
Severity Medium
Remote No
Type Privilege escalation
Description
HashiCorp Vault Enterprise's Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
Group Package Affected Fixed Severity Status Ticket
AVG-1369 vault 1.5.4-1 Medium Not affected
References
https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983
https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161