CVE-2022-40186

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-40186
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40186.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-40186
Aliases
Published
2022-09-22T01:15:12Z
Modified
2024-05-29T21:34:54Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/vault
Events