Lucene search
GoogleOSV:GHSA-QV95-G3GM-X542HistoryOct 12, 2021 - 4:39 p.m.
Hashicorp Vault Privilege Escalation Vulnerability
2021-10-1216:39:01
Google
osv.dev
24
0.001 Low
EPSS
Percentile
22.7%
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/hashicorp/vault | ge | 1.8.0 | |
| github.com/hashicorp/vault | lt | 1.7.5 | |
| github.com/hashicorp/vault | lt | 1.8.4 |
Related
osv
osv
CVE-2021-41802
2021-10-08 17:15:07
BIT-vault-2021-41802
2024-03-06 11:10:33
cnvd
cnvd
Hashicorp HashiCorp Vault has an unspecified vulnerability
2021-10-11 00:00:00
veracode
veracode
Privilege Escalation
2021-10-11 10:17:06
alpinelinux
alpinelinux
CVE-2021-41802
2021-10-08 17:15:00
cvelist
cvelist
CVE-2021-41802
2021-10-08 17:00:01
nvd
nvd
CVE-2021-41802
2021-10-08 17:15:07
prion
prion
Denial of service
2021-10-08 17:15:00
github
github
Hashicorp Vault Privilege Escalation Vulnerability
2021-10-12 16:39:01
redhatcve
redhatcve
CVE-2021-41802
2021-10-26 13:20:14
cgr
cgr
CVE-2021-41802 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2021-41802
2021-10-08 17:15:07
wolfi
wolfi
CVE-2021-41802 vulnerabilities
2024-07-09 09:08:46
nessus
nessus
GLSA-202207-01 : HashiCorp Vault: Multiple Vulnerabilities
2022-08-02 00:00:00
gentoo
gentoo
HashiCorp Vault: Multiple Vulnerabilities
2022-07-29 00:00:00