Excessive Filesystem Permissions in HashiCorp Vault Integrated Storage (CVE-2021-3121)

Excessive Filesystem Permissions in HashiCorp Vault Integrated Storage (CVE-2021-3121)

CVE-2021-38553 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

Learn more about our Web Application Penetration Testing UK.