Skip to main content

Improper Preservation of Permissions

CVE-2021-38553

Severity Medium
Score 4.4/10

Summary

HashiCorp Vault and Vault Enterprise 1.4.x prior to 1.8.0 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • HIGH
  • NONE
  • HIGH

CWE-281 - Improper Preservation of Permissions

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Advisory Timeline

  • Published