CVE-2021-38553

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-38553

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38553.json

Aliases

BIT-vault-2021-38553
GHSA-23fq-q7hc-993r

Published

2021-08-13T16:15:08Z

Modified

2023-12-06T01:01:25.747512Z

Details

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

References

https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168
https://security.gentoo.org/glsa/202207-01

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/vault
Events: Introduced

d808ace758b9bac5c84a9634ffbfae43c5f5a3ad

Fixed

82a99f14eb6133f99a975e653d4dac21c17505c7