CVE-2021-38553: Improper Preservation of Permissions

August 30, 2021

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

References

discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168
github.com/advisories/GHSA-23fq-q7hc-993r
nvd.nist.gov/vuln/detail/CVE-2021-38553

Code Behaviors & Features

Detect and mitigate CVE-2021-38553 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →