VDB
CVE-2021-43998
CVE-2021-43998
PUBLISHED
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
EPSS 0.26% · 50.0th percentile
Risk Scores
EPSS Score
0.26%
50.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | vault | 0.11.0, 1.8.4 |
| Bitnami | vault | 1.8.4, 0.11.0 |
Timeline
- Nov 18, 2021 CVE Published
- Dec 1, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 25, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 14, 2022 EPSS Score
- Jul 8, 2022 EPSS Score
- Aug 10, 2022 CVE Updated
- Sep 2, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 21, 2022 EPSS Score