2 matches found
Vault Operators in Root Namespace May Elevate Their Privileges
Summary A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. This vulnerability, identified as CVE-2024-9180, is fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18....
Vault Merging Multiple Entity Aliases for the Same Mount May Allow Privilege Escalation
Summary A Vault or Vault Enterprise “Vault” user with write permission to an entity alias ID sharing a mount accessor with another user may acquire this other user’s policies by merging their identities. This vulnerability, CVE-2021-41802, was fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4...