Improper Preservation of Permissions
CVE-2021-38553
Summary
HashiCorp Vault and Vault Enterprise 1.4.x prior to 1.8.0 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- HIGH
- NONE
- HIGH
CWE-281 - Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
References
Advisory Timeline
- Published