x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-pfmw-vj74-ph8g #611
Description
In GitHub Security Advisory GHSA-pfmw-vj74-ph8g, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/hashicorp/vault | 1.8.5 | >= 1.8.0, < 1.8.5 |
See doc/triage.md for instructions on how to triage this report.
packages:
- package: github.com/hashicorp/vault
versions:
- introduced: 1.8.0
fixed: 1.8.5
- package: github.com/hashicorp/vault
versions:
- introduced: TODO (earliest fixed "1.7.6", vuln range "> 0.11.0, < 1.7.6")
description: HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated
ACL policies would always match the first-created entity alias if multiple entity
aliases exist for a specified entity and mount combination, potentially resulting
in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5,
and 1.9.0.
published: 2021-12-02T17:48:30Z
last_modified: 2021-12-02T17:48:31Z
cves:
- CVE-2021-43998
ghsas:
- GHSA-pfmw-vj74-ph8g
links:
context:
- https://github.com/advisories/GHSA-pfmw-vj74-ph8g