1995209 – (CVE-2021-38553) CVE-2021-38553 vault: Underlying database file with excessively broad filesystem permissions

Bug 1995209 (CVE-2021-38553) - CVE-2021-38553 vault: Underlying database file with excessively broad filesystem permissions

Summary: CVE-2021-38553 vault: Underlying database file with excessively broad filesys...

Keywords:
Status:	NEW
Alias:	CVE-2021-38553
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2169368
Blocks:	1995210
TreeView+	depends on / blocked

Reported:	2021-08-18 16:09 UTC by Pedro Sampaio
Modified:	2023-10-25 17:21 UTC (History)
CC List:	19 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Vault package. Affected versions of the HashiCorp Vault initialized an underlying database file associated with the Integrated Storage feature, which has excessively broad filesystem permissions.
Clone Of:
Environment:
Last Closed:	2021-08-27 15:34:55 UTC
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2021-08-18 16:09:36 UTC

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

References:

https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168

Comment 1 Product Security DevOps Team 2021-08-27 15:34:55 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-38553

Note You need to log in before you can comment on or make changes to this bug.