CVE-2021-42135

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.
Configurations

Configuration 1

cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*

Information

Published : 2021-10-11 03:15

Updated : 2022-07-12 05:42


NVD link : CVE-2021-42135

Mitre link : CVE-2021-42135

Products Affected
No products.
CWE