First published: Fri Aug 13 2021
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
HashiCorp Vault | >=1.4.0, <1.8.0 | Upgrade to 1.8.0 or later |
CVE-2021-38553 is a vulnerability in HashiCorp Vault and Vault Enterprise versions 1.4.0 through 1.7.3 that initialized an underlying database file with excessively broad filesystem permissions.
CVE-2021-38553 affects HashiCorp Vault and Vault Enterprise versions 1.4.0 through 1.7.3: the database file underlying the Integrated Storage feature is initialized with excessively broad filesystem permissions.
CVE-2021-38553 has a severity rating of medium (4.4).
To fix CVE-2021-38553, upgrade to HashiCorp Vault or Vault Enterprise version 1.8.0 or later.
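A check for the condition described above, as an added example that is not from HashiCorp or the original page: it lists regular files under a Vault Integrated Storage data directory that grant any group or other permission bit. The directory argument (the `path` set in the `storage "raft"` stanza of the Vault configuration) and the choice to treat any group/other bit as too broad are assumptions; the page does not state the exact file mode.

```shell
#!/bin/sh
# Added example: audit a Vault Integrated Storage data directory for files
# that are accessible to anyone other than the owning user.
#
# Usage: sh audit.sh /path/to/vault/data
#   The path is whatever your `storage "raft"` stanza sets as `path`
#   (assumption: supplied by the operator, not taken from the page).
#
# Return codes of audit_storage_perms:
#   0  no file grants group/other access
#   1  at least one file does (paths printed to stdout)
#   2  the argument is not a directory

audit_storage_perms() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # -perm -NNN matches when all bits in NNN are set, so OR-ing the six
    # single-bit tests flags any group or other read/write/execute bit.
    # Written this way to stay within POSIX find.
    loose=$(find "$dir" -type f \( \
                -perm -040 -o -perm -020 -o -perm -010 -o \
                -perm -004 -o -perm -002 -o -perm -001 \) -print)

    if [ -n "$loose" ]; then
        printf '%s\n' "$loose"
        return 1
    fi
    return 0
}

# Run the audit only when a directory is given on the command line.
[ "$#" -eq 0 ] || audit_storage_perms "$1"
```

Run it as the Vault service user or root so `find` can traverse the data directory; any path it prints can be tightened with `chmod 600` after confirming ownership.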
More information about CVE-2021-38553 is available in the [HashiCorp security bulletin HCSEC-2021-20](https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168) and the [Gentoo security advisory GLSA 202207-01](https://security.gentoo.org/glsa/202207-01).