CVE-2022-40186

CRITICAL

HashiCorp Vault < 1.9.9 and 1.11.0-1.11.3 - Authorization Bypass via Entity Alias Metadata Overwrite

Title source: llm

Description

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.

References (3)

Core 3

Core References

Vendor Advisory

https://discuss.hashicorp.com

Vendor Advisory

https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550

Third Party Advisory

https://security.netapp.com/advisory/ntap-20221111-0008/

Scores

CVSS v3 9.1

EPSS 0.0076

EPSS Percentile 50.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-639

Status published

Products (2)

hashicorp/vault 1.11.0 - 1.11.3Go

hashicorp/vault 1.8.0 - 1.9.9 (2 CPE variants)

Published Sep 22, 2022

Tracked Since Feb 18, 2026