Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HashiCorp Vault 安全漏洞
Vulnerability Description
HashiCorp Vault是美国HashiCorp公司的一款私钥访问管理工具。 HashiCorp Vault 和 Vault Enterprise 1.8.0到1.11.2版本存在安全漏洞,该漏洞源于检查分配给实体的正确别名的问题,Vault 可能会将元数据覆盖为错误的别名,攻击者利用该漏洞可以使用 Vault 中的元数据意外访问键/值路径。
CVSS Information
N/A
Vulnerability Type
N/A