Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
Hashicorp HashiCorp Vault 安全漏洞
Vulnerability Description
Hashicorp HashiCorp Vault是美国HashiCorp(Hashicorp)公司的一款私钥访问管理工具。 HashiCorp Vault and Vault Enterprise 存在安全漏洞,该漏洞源于允许对实体别名 ID 具有写入权限的用户与另一个用户共享装载访问者,通过合并他们的身份来获取其他用户的策略。
CVSS Information
N/A
Vulnerability Type
N/A