CVE-2020-7220

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions HashiCorp Vault Enterprise versions 0.11.0 through 1.3.1

Description The issue arises when HashiCorp Vault Enterprise fails to revoke dynamic secrets for a mount in a deleted namespace under certain circumstances. This problem does not specify the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations For versions 0.11.0 through 1.3.1, update to version 1.3.2 to resolve the issue.

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

BIT-VAULT-2020-7220

CVE-2020-7220

GHSA-9VH5-R4QW-V3VV

GO-2022-0816

Affected Products

Hashicorp Vault Enterprise

CVE-2020-7220

Weakness Enumeration

Related Identifiers

Affected Products

References · 8