CVE-2021-41802

Severity: Medium
Remote: Yes
Type: Privilege escalation
Description
HashiCorp Vault through 1.7.4 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities.
Group     Package  Affected  Fixed    Severity  Status  Ticket
AVG-2294  vault    1.7.3-1   1.9.0-1  Medium    Fixed
References
https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/30420