cvedb.io
CVE-2021-41802
LOW · CVSS 2.9
EPSS exploitation probability: 0%
Published 2021-10-08T17:15:07.853 · Last modified 2026-06-17T04:08:56.433

Summary

HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.

Affected products

hashicorp — vault

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.