SB2023092908 - Cross-namespace denial of service in HashiCorp Vault Enterprise
Published: September 29, 2023
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Privilege Management (CVE-ID: CVE-2023-3775)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect enforcement of Sentinel Role Governing Policy. A remote user can create a Role Governing Policy (RGP) in one namespace and use it to restrict resources in another, non-child namespace.
Sentinel RGPs can be set by users authorized to write to the /sys/policies/rgp endpoint. These policies can be used to restrict or deny access to resources, but cannot grant additional access. As a result, this vulnerability is limited to denial of service.
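Because the precondition for this issue is write access to /sys/policies/rgp, a practical defensive check is to audit which ACL policies grant that access, including grants hidden behind broad globs such as "sys/*". The script below is an added example, not code from the bulletin or from HashiCorp: it parses Vault ACL policies in the usual HCL "path" / "capabilities" layout with a small regex-based parser, approximates Vault's rule precedence (an exact path match wins, otherwise the longest matching pattern, with "deny" overriding), and flags any policy whose effective capabilities on an RGP path include create or update. The policy documents are constructed samples; in Vault Enterprise, policies are scoped per namespace, so this would be run against the policies of each namespace.

```python
import re

# Vault ACL capabilities that allow writing a policy document to an endpoint.
WRITE_CAPS = {"create", "update"}

# The endpoint named in the bulletin; an RGP is written to sys/policies/rgp/<name>.
# "example-rgp" is a placeholder name standing in for any RGP.
RGP_PATH = "sys/policies/rgp/example-rgp"

# Toy parser: matches  path "<pattern>" { capabilities = [ ... ] }  stanzas.
# Assumption: no nested blocks inside a path stanza.
_STANZA = re.compile(r'path\s+"([^"]+)"\s*\{([^}]*)\}', re.S)
_CAPS = re.compile(r'capabilities\s*=\s*\[([^\]]*)\]', re.S)


def parse_policy(hcl: str) -> list[tuple[str, set[str]]]:
    """Return (path_pattern, capabilities) pairs from a Vault ACL policy in HCL."""
    rules = []
    for pattern, body in _STANZA.findall(hcl):
        m = _CAPS.search(body)
        caps = set()
        if m:
            caps = {c.strip().strip('"') for c in m.group(1).split(",") if c.strip()}
        rules.append((pattern, caps))
    return rules


def _to_regex(pattern: str) -> re.Pattern:
    """Vault-style path matching: trailing '*' is a prefix glob, '+' matches one segment."""
    glob = pattern.endswith("*")
    core = pattern[:-1] if glob else pattern
    parts = ["[^/]+" if seg == "+" else re.escape(seg) for seg in core.split("/")]
    return re.compile("^" + "/".join(parts) + (".*" if glob else "") + "$")


def path_matches(pattern: str, path: str) -> bool:
    return _to_regex(pattern).match(path) is not None


def effective_caps(rules: list[tuple[str, set[str]]], path: str) -> set[str]:
    """Approximate Vault precedence: exact match wins, else the longest matching pattern."""
    matches = [(p, c) for p, c in rules if path_matches(p, path)]
    if not matches:
        return set()
    exact = [m for m in matches if m[0] == path]
    best = exact[0] if exact else max(matches, key=lambda m: len(m[0]))
    return best[1]


def rgp_write_grants(policies: dict[str, str]) -> list[str]:
    """Names of policies whose effective capabilities on RGP_PATH allow a write."""
    flagged = []
    for name, hcl in policies.items():
        caps = effective_caps(parse_policy(hcl), RGP_PATH)
        if "deny" not in caps and caps & WRITE_CAPS:
            flagged.append(name)
    return sorted(flagged)


# Constructed sample policies (not from any real deployment).
SAMPLE_POLICIES = {
    # Intended: a small operator team manages Sentinel RGPs.
    "rgp-admin": '''
path "sys/policies/rgp/*" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
''',
    # Broad sys/* grant silently covers the RGP endpoint as well.
    "ns-admin": '''
path "sys/*" {
  capabilities = ["create", "update", "read", "delete", "list", "sudo"]
}
''',
    # Same broad grant, but an explicit deny on RGPs takes precedence.
    "platform-ops": '''
path "sys/*" {
  capabilities = ["create", "update", "read"]
}
path "sys/policies/rgp/*" {
  capabilities = ["deny"]
}
''',
    # Read-only: may inspect RGPs but not write them.
    "auditor": '''
path "sys/policies/rgp/*" {
  capabilities = ["read", "list"]
}
''',
    # Unrelated application policy.
    "app-kv": '''
path "secret/data/app/*" {
  capabilities = ["read"]
}
''',
}

if __name__ == "__main__":
    for name in rgp_write_grants(SAMPLE_POLICIES):
        print(f"policy '{name}' can write Sentinel RGPs")  # → ns-admin, rgp-admin
```

Only policies that can actually write an RGP are reported; "platform-ops" is not, because its more specific deny rule overrides the "sys/*" grant. Any policy the script flags should be checked against the set of users and tokens it is attached to, since those are the identities that could have exercised the issue on an unpatched Vault Enterprise.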
Remediation
Install the update from the vendor's website.