Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2023-3775

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8.

Published: Sep 29, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-3775
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.2
AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H

CWEs:

CWE-266

Affected Software
References

Software	From	Fixed in
hashicorp / vault	1.14.0	1.14.4
hashicorp / vault	0.11.0	1.13.8

https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo