AVG-2294
Package | vault |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 1.7.3-1 |
Fixed | 1.9.0-1 |
Current | 1.17.5-1 [extra] |
Ticket | None |
Created | Fri Aug 13 18:14:58 2021 |

Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-43998 | Medium | Yes | Access restriction bypass | In HashiCorp Vault before version 1.9.0, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a... |
CVE-2021-41802 | Medium | Yes | Privilege escalation | HashiCorp Vault through 1.7.4 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other... |
CVE-2021-38554 | Medium | No | Information disclosure | HashiCorp Vault's UI up to version 1.7.3 erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. |
CVE-2021-38553 | Low | No | Denial of service | HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem... |