HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4.
{
"cpe": [
"cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*"
],
"extracted_events": [
{
"introduced": "0.11.0"
},
{
"last_affected": "1.3.3"
}
],
"source": "CPE_RANGE"
}