Access Restriction Bypass Affecting github.com/hashicorp/vault/vault package, versions >=1.7.0 <1.7.4 >=1.8.0 <1.8.4
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-GOLANG-GITHUBCOMHASHICORPVAULTVAULT-1729977
- published 10 Oct 2021
- disclosed 10 Oct 2021
- credit mdgreenfield
How to fix?
github.com/hashicorp/vault/vault to version 1.7.4, 1.8.4 or higher.
github.com/hashicorp/vault/vault is a tool for securely accessing secrets.
Affected versions of this package are vulnerable to Access Restriction Bypass. It allows a user with
write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities.