HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-11-30T14:59:08

Updated: 2024-08-04T04:10:17.167Z

Reserved: 2021-11-17T00:00:00

Link: CVE-2021-43998

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-11-30T15:15:07.360

Modified: 2022-09-08T21:42:33.570

Link: CVE-2021-43998

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-11-18T00:00:00Z

Links: CVE-2021-43998 - Bugzilla