Published: 22/09/2022 Updated: 20/01/2023

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 0

An issue exists in HashiCorp Vault and Vault Enterprise prior to 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hashicorp vault

Synopsis Important: Red Hat OpenShift Data Foundation 4117 Bug Fix and security update Type/Severity Security Advisory: Important Topic Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4117 on Red Hat Enterprise Linux 8 from Red Hat Container RegistryRed Hat Product Security has rated this upda ...

NVD-CWE-noinfo https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550 https://discuss.hashicorp.com https://security.netapp.com/advisory/ntap-20221111-0008/https://access.redhat.com/errata/RHSA-2023:2023 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-40186

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect