HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
References
Link | Resource |
---|---|
https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168 | Vendor Advisory |
https://security.gentoo.org/glsa/202207-01 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-13T15:48:47
Updated: 2022-08-01T20:07:16
Reserved: 2021-08-11T00:00:00
Link: CVE-2021-38553
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-13T16:15:08.080
Modified: 2022-10-25T20:54:23.367
Link: CVE-2021-38553
JSON object: View
Redhat Information
No data.
CWE