CVE-2021-43998 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Access restriction bypass |
| Description | In HashiCorp Vault before version 1.9.0, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2294 | vault | 1.7.3-1 | 1.9.0-1 | Medium | Fixed |
| References |
|---|
https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132 |