Published: 30/11/2021 Updated: 08/09/2022

CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 5.2 | Exploitability Score: 1.2

VMScore: 490

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hashicorp vault
hashicorp vault 1.8.4

Synopsis Moderate: OpenShift Container Platform 4130 CNF vRAN extras security update Type/Severity Security Advisory: Moderate Topic An update for ztp-site-generate-container, topology-aware-lifecycle-manager and bare-metal-event-relay is now available for Red Hat OpenShift Container Platform 413Red Hat Product Security has rated this upd ...

Synopsis Important: Red Hat OpenShift Data Foundation 4130 security and bug fix update Type/Severity Security Advisory: Important Topic Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4130 on Red Hat Enterprise Linux 9Red Hat ...

In HashiCorp Vault before version 190, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement ...

CWE-732 https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132 https://security.gentoo.org/glsa/202207-01 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2023:2138 https://security.archlinux.org/CVE-2021-43998

CVE-2021-43998

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect