Main Vulnerability Database Vulnerabilities #VU67534

#VU67534 Permissions, Privileges, and Access Controls in Vault and Vault Enterprise - CVE-2022-40186

Published: September 21, 2022

Vulnerability identifier: #VU67534

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-40186

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Vault
Vault Enterprise

Software vendor:
HashiCorp

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the application permits usage of entity aliases mapped to a single entity share with the same alias name. A local user can create a share with the same alias name as used by another user and wait for the other user to login. After the victim logs in, the attacker will be able to gain access to files metadata in the victim's share.

Successful exploitation of the vulnerability requires that templated ACL policy is enabled and that the policy uses alias.Name, which is derived from the alias name.

Remediation

Install updates from vendor's website.

External links

https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550