Affected by GO-2022-0611
and 19 other vulnerabilities
GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault
GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault
GO-2022-0620: HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 in github.com/hashicorp/vault
GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault
GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault
GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault
GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault
GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault
GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault
GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault
GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault
GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault
GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault
GO-2024-2508: Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault
GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault
GO-2024-2617: Authentication bypass in github.com/hashicorp/vault
GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault
GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault
GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault
GO-2024-3246: Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault
This function caches the ns to avoid doing a .Value lookup over and over,
because it's called a *lot* in the request critical path. .Value is
concurrency-safe so uses some kind of locking/atomicity, but it should never
be read before first write, plus we don't believe this will be called from
different goroutines, so it should be safe.