Search for packages
| purl | pkg:alpm/archlinux/vault@1.7.3-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4795-vxdy-w7g3
Aliases: CVE-2021-43998 GHSA-pfmw-vj74-ph8g |
HashiCorp Vault Incorrect Permission Assignment for Critical Resource HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0. |
Affected by 0 other vulnerabilities. |
|
VCID-bfm3-2zvj-5bca
Aliases: CVE-2021-42135 GHSA-362v-wg5p-64w2 |
Incorrect Privilege Assignment in HashiCorp Vault HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials. | There are no reported fixed by versions. |
|
VCID-rk2n-tuu9-fbdc
Aliases: CVE-2021-38553 GHSA-23fq-q7hc-993r |
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0. |
Affected by 0 other vulnerabilities. |
|
VCID-xerz-1x1v-uuap
Aliases: CVE-2021-41802 GHSA-qv95-g3gm-x542 |
Hashicorp Vault Privilege Escalation Vulnerability HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4. |
Affected by 0 other vulnerabilities. |
|
VCID-xk9c-q66v-3kcx
Aliases: CVE-2021-38554 GHSA-6239-28c2-9mrm |
Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T18:26:33.657998+00:00 | Arch Linux Importer | Affected by | VCID-bfm3-2zvj-5bca | https://security.archlinux.org/AVG-2457 | 38.0.0 |
| 2026-04-01T18:26:28.415480+00:00 | Arch Linux Importer | Affected by | VCID-rk2n-tuu9-fbdc | https://security.archlinux.org/AVG-2294 | 38.0.0 |
| 2026-04-01T18:26:28.376915+00:00 | Arch Linux Importer | Affected by | VCID-xk9c-q66v-3kcx | https://security.archlinux.org/AVG-2294 | 38.0.0 |
| 2026-04-01T18:26:28.354594+00:00 | Arch Linux Importer | Affected by | VCID-xerz-1x1v-uuap | https://security.archlinux.org/AVG-2294 | 38.0.0 |
| 2026-04-01T18:26:28.325113+00:00 | Arch Linux Importer | Affected by | VCID-4795-vxdy-w7g3 | https://security.archlinux.org/AVG-2294 | 38.0.0 |