Authorization Bypass in HashiCorp Vault Enterprise
CVE-2021-27668

5.3MEDIUM

Key Information:

Vendor

Hashicorp
Status
Vault
Vendor
CVE Published:
31 August 2021

What is CVE-2021-27668?

HashiCorp Vault Enterprise versions 0.9.2 through 1.6.2 permitted unauthorized reading of license metadata from disaster recovery (DR) secondaries. This flaw could lead to the exposure of sensitive license information to unprivileged users, undermining the integrity of access controls. The issue has been resolved in version 1.6.3, which ensures proper authentication is required to access license metadata.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enter...
x_refsource_MISC
https://security.gentoo.org/glsa/202207-01
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.