Affected by GO-2022-0578
and 17 other vulnerabilities
GO-2022-0578: Incorrect Privilege Assignment in HashiCorp Vault in github.com/hashicorp/vault
GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault
GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault
GO-2022-1021: HashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault
GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault
GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault
GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault
GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault
GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault
GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault
GO-2023-2063: HashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vault
GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault
GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault
GO-2024-2617: Authentication bypass in github.com/hashicorp/vault
GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault
GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault
GO-2024-3162: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault
GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault
ComparePolicies checks whether the given policy sets are equivalent, as in,
they contain the same values. The benefit of this method is that it leaves
the "default" policy out of its comparisons as it may be added later by core
after a set of policies has been saved by a backend.