AVG-2294 log

Package vault
Status Vulnerable
Severity Medium
Type multiple issues
Affected 1.7.3-1
Fixed Unknown
Current 1.7.3-1 [community]
Ticket Create
Created Fri Aug 13 18:14:58 2021
Issue Severity Remote Type Description
CVE-2021-41802 Medium Yes Privilege escalation
HashiCorp Vault through 1.7.4 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other...
CVE-2021-38554 Medium No Information disclosure
HashiCorp Vault's UI up to version 1.7.3 erroneously cached and exposed user-viewed secrets between sessions in a single shared browser.
CVE-2021-38553 Low No Denial of service
HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem...