CVE-2021-41802

Posted on by admin

CVE-2021-41802

HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.

Source: CVE-2021-41802

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다