Vulnerabilities > CVE-2021-38553 - Improper Preservation of Permissions vulnerability in Hashicorp Vault

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

hashicorp

CWE-281

NVD

Published: 2021-08-13

Updated: 2022-10-25

Summary

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

Vulnerable Configurations

Part	Description	Count
Application	Hashicorp Hashicorp Vault 1.4.0 Hashicorp Vault 1.4.1 Hashicorp Vault 1.4.2 Hashicorp Vault 1.4.3 Hashicorp Vault 1.4.4 Hashicorp Vault 1.4.5 Hashicorp Vault 1.4.5.1 Hashicorp Vault 1.4.6 Hashicorp Vault 1.4.7 Hashicorp Vault 1.5.0 Hashicorp Vault 1.5.1 Hashicorp Vault 1.5.2 Hashicorp Vault 1.5.2.1 Hashicorp Vault 1.5.3 Hashicorp Vault 1.5.4 Hashicorp Vault 1.5.5 Hashicorp Vault 1.5.6 Hashicorp Vault 1.5.7 Hashicorp Vault 1.5.8 Hashicorp Vault 1.5.9 Hashicorp Vault 1.6.0 Hashicorp Vault 1.6.1 Hashicorp Vault 1.6.2 Hashicorp Vault 1.6.3 Hashicorp Vault 1.6.4 Hashicorp Vault 1.6.5 Hashicorp Vault 1.7.0 Hashicorp Vault 1.7.1 Hashicorp Vault 1.7.2 Hashicorp Vault 1.7.3 Hashicorp Vault 1.7.4 Hashicorp Vault 1.7.5 Hashicorp Vault 1.7.6 Hashicorp Vault 1.7.7 Hashicorp Vault 1.7.8 Hashicorp Vault 1.7.9 Hashicorp Vault 1.7.10	79

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References