CVE-2021-42135

CVSS v3 Score: 8.1 (High)
CVSS v2 Score: 4.9 (Medium)

Vulnerability Description

HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google Cloud secrets engine. Users may, in some situations, have more privileges than intended, e.g., a user with read permission for the /gcp/roleset/* path may be able to issue Google Cloud service account credentials.

CVSS:8.1(High)

The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by a vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator user to view and...

CVSS:8.1(High)

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, ed...

CVSS:8.1(High)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.

CVSS:8.1(High)

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file sys...

CVSS:8.1(High)

The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, an...

CVSS:8.1(High)

The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggeri...