4 matches found
CVE-2021-41802
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4...
CVE-2021-41802 vulnerabilities
Vulnerabilities for packages: k3d...
CVE-2021-41802
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4...
CVE-2021-41802
CVE-2021-41802 affects HashiCorp Vault and Vault Enterprise up to versions 1.7.4 and 1.8.3. A user with write permission to an entity alias ID sharing a mount accessor with another user could obtain the other user’s policies by merging identities, enabling privilege escalation. The issue is fixed...