Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
436
VMScore

CVE-2021-42135

Published: 11/10/2021 Updated: 12/07/2022
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 436
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Vulnerability Summary

HashiCorp Vault and Vault Enterprise 1.8.x up to and including 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

hashicorp vault

Vendor Advisories

Arch Linux Issues:
HashiCorp Vault 18x through 184 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine Users may, in some situations, have more privileges than intended, eg, a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials ...

References

CWE-269https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards/https://nvd.nist.govhttps://security.archlinux.org/CVE-2021-42135
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camerabypassCVE-2024-3592CVE-2024-37383CVE-2024-24919CVE-2024-27822CVE-2024-36788CVE-2024-36789man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook