AVG-2294 log

Package vault
Status Fixed
Severity Medium
Type multiple issues
Affected 1.7.3-1
Fixed 1.9.0-1
Current 1.16.1-1 [extra]
Ticket None
Created Fri Aug 13 18:14:58 2021
Issue Severity Remote Type Description
CVE-2021-43998 Medium Yes Access restriction bypass
In HashiCorp Vault before version 1.9.0, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a...
CVE-2021-41802 Medium Yes Privilege escalation
HashiCorp Vault through 1.7.4 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other...
CVE-2021-38554 Medium No Information disclosure
HashiCorp Vault's UI up to version 1.7.3 erroneously cached and exposed user-viewed secrets between sessions in a single shared browser.
CVE-2021-38553 Low No Denial of service
HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem...