漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HashiCorp Vault 安全漏洞
Vulnerability Description
HashiCorp Vault是美国HashiCorp公司的一款私钥访问管理工具。 HashiCorp Vault 和 Vault Enterprise 1.8.0到1.11.2版本存在安全漏洞,该漏洞源于检查分配给实体的正确别名的问题,Vault 可能会将元数据覆盖为错误的别名,攻击者利用该漏洞可以使用 Vault 中的元数据意外访问键/值路径。
CVSS Information
N/A
Vulnerability Type
N/A