CVE-2021-38553
First published: Fri Aug 13 2021(Updated: )
HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Vault | >=1.4.0<1.8.0 | |
| HashiCorp Vault | >=1.4.0<1.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-38553?
CVE-2021-38553 is a vulnerability in HashiCorp Vault and Vault Enterprise versions 1.4.0 through 1.7.3 that initialized an underlying database file with excessively broad filesystem permissions.
How does CVE-2021-38553 affect HashiCorp Vault?
CVE-2021-38553 affects HashiCorp Vault versions 1.4.0 through 1.7.3 by initializing the integrated storage feature with excessively broad filesystem permissions.
What is the severity of CVE-2021-38553?
CVE-2021-38553 has a severity rating of medium (4.4).
How can I fix CVE-2021-38553?
To fix CVE-2021-38553, it is recommended to upgrade to HashiCorp Vault and Vault Enterprise version 1.8.0 or later.
Where can I find more information about CVE-2021-38553?
You can find more information about CVE-2021-38553 at the following references: [Link 1](https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168) and [Link 2](https://security.gentoo.org/glsa/202207-01).
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/type
- vendor/hashicorp
- canonical/hashicorp vault
- version/hashicorp vault/1.4.0