CVE-2021-38553

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-38553

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38553.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-38553

Aliases

Published

2021-08-13T16:15:08.080Z

Modified

2026-03-14T11:06:14.339820Z

Severity

4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type

GIT

Repo

https://github.com/hashicorp/vault

Events

Introduced

d808ace758b9bac5c84a9634ffbfae43c5f5a3ad

Fixed

82a99f14eb6133f99a975e653d4dac21c17505c7

Introduced

d808ace758b9bac5c84a9634ffbfae43c5f5a3ad

Fixed

82a99f14eb6133f99a975e653d4dac21c17505c7

Database specific

{
    "versions": [
        {
            "introduced": "1.4.0"
        },
        {
            "fixed": "1.8.0"
        },
        {
            "introduced": "1.4.0"
        },
        {
            "fixed": "1.8.0"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38553.json"