Information disclosure in HashiCorp Vault



Published: 2022-09-21
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-40186
CWE-ID CWE-264
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Vault
Web applications / Modules and components for CMS

Vault Enterprise
Web applications / Modules and components for CMS

Vendor HashiCorp

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU67534

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40186

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the application permits usage of entity aliases mapped to a single entity share with the same alias name. A local user can create a share with the same alias name as used by another user and wait for the other user to login. After the victim logs in, the attacker will be able to gain access to files metadata in the victim's share.

Successful exploitation of the vulnerability requires that templated ACL policy is enabled and that the policy uses alias.Name, which is derived from the alias name.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vault: 1.8.0 - 1.11.2

Vault Enterprise: 1.8.0 - 1.11.2

External links

http://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###