AVG-2294 log
| Package | vault |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 1.7.3-1 |
| Fixed | 1.9.0-1 |
| Current | 1.16.2-1 [extra] |
| Ticket | None |
| Created | Fri Aug 13 18:14:58 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-43998 | Medium | Yes | Access restriction bypass | In HashiCorp Vault before version 1.9.0, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a... |
| CVE-2021-41802 | Medium | Yes | Privilege escalation | HashiCorp Vault through 1.7.4 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other... |
| CVE-2021-38554 | Medium | No | Information disclosure | HashiCorp Vault's UI up to version 1.7.3 erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. |
| CVE-2021-38553 | Low | No | Denial of service | HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem... |