Identity Engine Vulnerability in HashiCorp Vault Affects Multiple Mount Accessors
CVE-2022-40186
9.1CRITICAL
What is CVE-2022-40186?
A vulnerability was identified in HashiCorp Vault and Vault Enterprise versions prior to 1.11.3 within the Identity Engine. In scenarios where an entity utilizes multiple mount accessors sharing identical alias names, the system may incorrectly overwrite metadata, linking it to the wrong alias. This flaw compromises access pathways to key/value data based on incorrect metadata assignments, potentially leading to unauthorized data exposure.