Описание
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
A flaw was found in the Vault package. Affected versions of the HashiCorp Vault initialized an underlying database file associated with the Integrated Storage feature, which has excessively broad filesystem permissions.
Отчет
Only Vault clusters utilizing Integrated Storage are affected.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | ||
| OpenShift Service Mesh 2.0 | servicemesh | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | vault | Not affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-installer | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | openshift4/topology-aware-lifecycle-manager-rhel8-operator | Fix deferred | ||
| Red Hat Openshift Container Storage 4 | ocs4/cephcsi-rhel8 | Out of support scope | ||
| Red Hat Openshift Container Storage 4 | ocs4/mcg-rhel8-operator | Out of support scope | ||
| Red Hat Openshift Container Storage 4 | ocs4/ocs-rhel8-operator | Out of support scope | ||
| Red Hat Openshift Container Storage 4 | ocs4/rook-ceph-rhel8-operator | Out of support scope | ||
| Red Hat Openshift Data Foundation 4 | odf4/cephcsi-rhel9 | Not affected |
Показывать по
Дополнительная информация
Статус:
4.4 Medium
CVSS3
Связанные уязвимости
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0
4.4 Medium
CVSS3