CVE-2022-40186Authorization Bypass Through User-Controlled Key in Hashicorp Vault

CWE-639Authorization Bypass Through User-Controlled Key5 documents4 sources
Severity
9.1CRITICALNVD
EPSS
0.5%
top 34.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Hashicorp VaultHashicorp Vault
Timeline
PublishedSep 22
Latest updateAug 21

Description

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

NVDhashicorp/vault1.8.01.9.9+2
Gogithub.com/hashicorp_vault1.11.01.11.3+2

🔴Vulnerability Details

3
OSV
HashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault2024-08-21
OSV
HashiCorp Vault vulnerable to incorrect metadata access2022-09-23
GHSA
HashiCorp Vault vulnerable to incorrect metadata access2022-09-23

📋Vendor Advisories

1
Red Hat
vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity2022-09-22