CVE-2022-40186
published 2022-09-22CVE-2022-40186: An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an…
PriorityP346critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
EPSS
0.76%
50.7th percentile
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 1.10.0 < 1.10.6 | 1.10.6 |
| github.com | hashicorp_vault | >= 1.11.0 < 1.11.3 | 1.11.3 |
| github.com | hashicorp_vault | >= 1.8.0 < 1.9.9 | 1.9.9 |
| hashicorp | vault | >= 1.10.0 < 1.10.6 | 1.10.6 |
| hashicorp | vault | >= 1.11.0 < 1.11.3 | 1.11.3 |
| hashicorp | vault | >= 1.8.0 < 1.9.9 | 1.9.9 |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
vendor_redhat9.1CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
HashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault
osv·2024-08-21
CVE-2022-40186 HashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault
HashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault
HashiCorp Vault vulnerable to incorrect metadata access in github.com/hashicorp/vault
OSV
HashiCorp Vault vulnerable to incorrect metadata access
osv·2022-09-23
CVE-2022-40186 [CRITICAL] HashiCorp Vault vulnerable to incorrect metadata access
HashiCorp Vault vulnerable to incorrect metadata access
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.
GHSA
HashiCorp Vault vulnerable to incorrect metadata access
ghsa·2022-09-23
CVE-2022-40186 [CRITICAL] CWE-639 HashiCorp Vault vulnerable to incorrect metadata access
HashiCorp Vault vulnerable to incorrect metadata access
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.
Red Hat
vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity
vendor_redhat·2022-09-22·CVSS 9.1
CVE-2022-40186 [CRITICAL] vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity
vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.
A flaw was found in HashiCorp Vault and Vault Enterprise, where they could allow a locally authenticated attacker to gain unauthorized access to the system, caused by a flaw in the alias naming schema implementation for mount accessors with shared alias names in the
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://discuss.hashicorp.comhttps://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550https://security.netapp.com/advisory/ntap-20221111-0008/https://discuss.hashicorp.comhttps://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550https://security.netapp.com/advisory/ntap-20221111-0008/
2022-09-22
Published