---

CVE-2021-41802 - log back

CVE-2021-41802 edited at 08 Oct 2021 18:59:25
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Privilege escalation
Description	+ HashiCorp Vault through 1.7.4 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities.
References	+ https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/30420

CVE-2021-41802 created at 08 Oct 2021 18:58:04
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes