Vulnerabilities > Hashicorp > Vault > 1.5.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-08 | CVE-2021-41802 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. | 5.5 |
2021-08-13 | CVE-2021-38553 | Improper Preservation of Permissions vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. | 4.4 |
2021-08-13 | CVE-2021-38554 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Hashicorp Vault HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. | 3.5 |