CVE-2021-41802 is a vulnerability in HashiCorp Vault
Published on October 8, 2021

HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user's policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.


Vulnerability Analysis

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

Products Associated with CVE-2021-41802


Exploit Probability

EPSS: 0.25%
Percentile: 48.43%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows how this score compares to all other vulnerabilities.