CVE-2022-40186

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.

Published: Sep 22, 2022
Updated: May 9, 2024
CVE: CVE-2022-40186
GHSA: GHSA-7cgv-v83v-rr87
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
hashicorp / vault	1.11.0	1.11.3
hashicorp / vault	1.8.0	1.9.9
hashicorp / vault	1.10.0	1.10.6
github.com/hashicorp/vault	1.11.0	1.11.3
github.com/hashicorp/vault	1.10.0	1.10.6
github.com/hashicorp/vault	1.8.0	1.9.9

https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550
https://security.netapp.com/advisory/ntap-20221111-0008/

Vulnerability Database

CVE-2022-40186