4 matches found
PT-2026-51045
Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.12 Description Authenticated users can modify the mutable public.users.email variable to arbitrary addresses. The SSO provisioning endpoint trusts this value as an account-merge key. This allows an attacker to...
EUVD-2021-2251
Malware in sbrugna...
CVE-2021-41802
CVE-2021-41802 affects HashiCorp Vault and Vault Enterprise up to versions 1.7.4 and 1.8.3. A user with write permission to an entity alias ID sharing a mount accessor with another user could obtain the other user’s policies by merging identities, enabling privilege escalation. The issue is fixed...
Hashicorp HashiCorp Vault 安全漏洞
HashiCorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp, U.S. A security vulnerability exists in HashiCorp Vault and Vault Enterprise, which stems from allowing a user with write access to an entity alias ID to share with another user load visitors to gain acces...