CVE-2021-43998 log

Severity Medium
Remote Yes
Type Access restriction bypass
In HashiCorp Vault before version 1.9.0, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement.
Group Package Affected Fixed Severity Status Ticket
AVG-2294 vault 1.7.3-1 1.9.0-1 Medium Fixed