HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-11-30T14:59:08
Updated: 2024-08-04T04:10:17.167Z
Reserved: 2021-11-17T00:00:00
Link: CVE-2021-43998
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-11-30T15:15:07.360
Modified: 2022-09-08T21:42:33.570
Link: CVE-2021-43998
Redhat