---

CVE-2021-43998 - log back

CVE-2021-43998 edited at 30 Nov 2021 19:59:20
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Access restriction bypass
Description	+ In HashiCorp Vault before version 1.9.0, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement.
References	+ https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132

CVE-2021-43998 created at 30 Nov 2021 19:57:37
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes