VYPR
Critical severityNVD Advisory· Published Nov 30, 2021· Updated Aug 4, 2024

CVE-2021-43998

CVE-2021-43998

Description

HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/vaultGo
>= 0.11.0, < 1.7.61.7.6
github.com/hashicorp/vaultGo
>= 1.8.0, < 1.8.51.8.5

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.