HashiCorp Vault vulnerable to incorrect metadata access

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checkin...

PT-2022-25266 · Hashicorp +1 · Hashicorp Vault +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.11.3 HashiCorp Vault Enterprise versions prior to 1.11.3 Description: A vulnerability in the Identity Engine of HashiCorp Vault was found where, in a deployment with an entity having multiple mount accessor...