CVE-2021-43998

Опубликовано: 18 нояб. 2021

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.

A flaw was found in HashiCorp Vault. In affected versions of HashiCorp Vault and Vault Enterprise, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement.

Затронутые пакеты

Платформа	Пакет	Состояние
Logging Subsystem for Red Hat OpenShift	openshift-logging/logging-loki-rhel8	Not affected
Red Hat OpenShift Container Platform 4	openshift4/ose-installer	Not affected
Red Hat Openshift Container Storage 4	ocs4/cephcsi-rhel8	Out of support scope
Red Hat Openshift Container Storage 4	ocs4/mcg-rhel8-operator	Out of support scope
Red Hat Openshift Container Storage 4	ocs4/ocs-rhel8-operator	Out of support scope
Red Hat Openshift Container Storage 4	ocs4/rook-ceph-rhel8-operator	Out of support scope
Red Hat Openshift Data Foundation 4	odf4/cephcsi-rhel9	Affected
Red Hat Openshift Data Foundation 4	odf4/mcg-rhel9-operator	Affected
Red Hat Openshift Data Foundation 4	odf4/ocs-rhel9-operator	Affected
Red Hat Openshift Data Foundation 4	odf4/odf-multicluster-rhel9-operator	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-732

https://bugzilla.redhat.com/show_bug.cgi?id=2028193vault: incorrect policy enforcement

EPSS

Процентиль: 51%

0.00281

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-43998

CVSS3: 6.5

nvd

около 4 лет назад

GHSA-pfmw-vj74-ph8g

CVSS3: 9.1

github