VulnerableCode Package Details - pkg:alpm/archlinux/vault@1.9.0-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4795-vxdy-w7g3	HashiCorp Vault Incorrect Permission Assignment for Critical Resource HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.	CVE-2021-43998 GHSA-pfmw-vj74-ph8g
VCID-rk2n-tuu9-fbdc	HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.	CVE-2021-38553 GHSA-23fq-q7hc-993r
VCID-xerz-1x1v-uuap	Hashicorp Vault Privilege Escalation Vulnerability HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.	CVE-2021-41802 GHSA-qv95-g3gm-x542
VCID-xk9c-q66v-3kcx	Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.	CVE-2021-38554 GHSA-6239-28c2-9mrm

Vulnerability

Summary

Aliases

VCID-4795-vxdy-w7g3

HashiCorp Vault Incorrect Permission Assignment for Critical Resource HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.

CVE-2021-43998
GHSA-pfmw-vj74-ph8g

VCID-rk2n-tuu9-fbdc

HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

CVE-2021-38553
GHSA-23fq-q7hc-993r

VCID-xerz-1x1v-uuap

Hashicorp Vault Privilege Escalation Vulnerability HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.

CVE-2021-41802
GHSA-qv95-g3gm-x542

VCID-xk9c-q66v-3kcx

Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases.

CVE-2021-38554
GHSA-6239-28c2-9mrm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:28.419314+00:00	Arch Linux Importer	Fixing	VCID-rk2n-tuu9-fbdc	https://security.archlinux.org/AVG-2294	38.0.0
2026-04-01T18:26:28.380756+00:00	Arch Linux Importer	Fixing	VCID-xk9c-q66v-3kcx	https://security.archlinux.org/AVG-2294	38.0.0
2026-04-01T18:26:28.358715+00:00	Arch Linux Importer	Fixing	VCID-xerz-1x1v-uuap	https://security.archlinux.org/AVG-2294	38.0.0
2026-04-01T18:26:28.329831+00:00	Arch Linux Importer	Fixing	VCID-4795-vxdy-w7g3	https://security.archlinux.org/AVG-2294	38.0.0