CVE-2023-3775
Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.
Vault Enterprise Sentinel Role Governing Policy creada por un operador para restringir el acceso a los recursos en un espacio de nombres se puede aplicar a solicitudes externas en otro espacio de nombres no descendiente, lo que podrÃa provocar una denegación de servicio. Corregido en Vault Enterprise 1.15.0, 1.14.4, 1.13.8.
A flaw was found in the Vault Enterprise. A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in a denial of service.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-07-19 CVE Reserved
- 2023-09-28 CVE Published
- 2024-09-26 CVE Updated
- 2024-10-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-266: Incorrect Privilege Assignment
- CWE-400: Uncontrolled Resource Consumption
CAPEC
- CAPEC-469: HTTP DoS
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Hashicorp Search vendor "Hashicorp" | Vault Search vendor "Hashicorp" for product "Vault" | >= 0.11.0 < 1.13.8 Search vendor "Hashicorp" for product "Vault" and version " >= 0.11.0 < 1.13.8" | enterprise |
Affected
| ||||||
Hashicorp Search vendor "Hashicorp" | Vault Search vendor "Hashicorp" for product "Vault" | >= 1.14.0 < 1.14.4 Search vendor "Hashicorp" for product "Vault" and version " >= 1.14.0 < 1.14.4" | enterprise |
Affected
|