Lucene search
Veracode Vulnerability DatabaseVERACODE:32458HistoryOct 11, 2021 - 10:17 a.m.
Privilege Escalation
2021-10-1110:17:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.001 Low
EPSS
Percentile
22.7%
github.com/hashicorp/vault is vulnerable to privilege escalation. The vulnerability exists due to improper conditional check in handleAliasUpdate function in identity_store_aliases.go allowing an authenticated attacker with specific write permissions to gain elevated privileges to perform unauthorized actions.
References
discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation/
github.com/hashicorp/vault/commit/52598d9fed704cfd73952109e33d54e624849f8e
github.com/hashicorp/vault/issues/11277
github.com/hashicorp/vault/pull/12473
security.gentoo.org/glsa/202207-01
Related
alpinelinux
alpinelinux
CVE-2021-41802
2021-10-08 17:15:00
cnvd
cnvd
Hashicorp HashiCorp Vault has an unspecified vulnerability
2021-10-11 00:00:00
osv
osv
CVE-2021-41802
2021-10-08 17:15:07
Hashicorp Vault Privilege Escalation Vulnerability
2021-10-12 16:39:01
BIT-vault-2021-41802
2024-03-06 11:10:33
github
github
Hashicorp Vault Privilege Escalation Vulnerability
2021-10-12 16:39:01
prion
prion
Denial of service
2021-10-08 17:15:00
nvd
nvd
CVE-2021-41802
2021-10-08 17:15:07
cvelist
cvelist
CVE-2021-41802
2021-10-08 17:00:01
redhatcve
redhatcve
CVE-2021-41802
2021-10-26 13:20:14
cgr
cgr
CVE-2021-41802 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2021-41802
2021-10-08 17:15:07
wolfi
wolfi
CVE-2021-41802 vulnerabilities
2024-07-05 21:08:40
gentoo
gentoo
HashiCorp Vault: Multiple Vulnerabilities
2022-07-29 00:00:00
nessus
nessus
GLSA-202207-01 : HashiCorp Vault: Multiple Vulnerabilities
2022-08-02 00:00:00