HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-10-08T17:00:01
Updated: 2024-08-04T03:22:24.278Z
Reserved: 2021-09-29T00:00:00
Link: CVE-2021-41802
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-10-08T17:15:07.853
Modified: 2024-11-21T06:26:47.460
Link: CVE-2021-41802
Redhat