China National Vulnerability DatabaseCNVD-2021-103413Hashicorp HashiCorp Vault has an unspecified vulnerability
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
HashiCorp HashiCorp Vault is a private key access management tool from HashiCorp (Hashicorp), U.S. A security vulnerability exists in HashiCorp Vault and Vault Enterprise, which stems from allowing a user with write access to an entity alias ID to share with another user load visitors to gain access to other users’ policies by merging their identities. No detailed vulnerability details are available at this time.
| CPE | Name | Operator | Version |
|---|---|---|---|
| hashicorp vault | lt | 1.7.5 | |
| hashicorp vault enterprise | lt | 1.8.4 |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N