Commit

Add incorrect policy issue to the docs
pmmukh committed Dec 8, 2021
1 parent e9a7213 commit 21edb57
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions website/content/partials/entity-alias-mapping.mdx
Expand Up @@ -2,5 +2,6 @@

Previously, an entity in Vault could be mapped to multiple entity aliases on the same authentication backend. This
led to a potential security vulnerability (CVE-2021-43998), as ACL policies templated with alias information would match the first
alias created. As a result, the mapping behavior was updated such that an entity can only have one alias per authentication
backend. This change exists in Vault 1.9.0+, 1.8.5+ and 1.7.6+.
alias created. Thus, tokens created from all aliases of the entity, will have access to the paths containing alias
metadata of the first alias due to templated policies being incorrectly applied. As a result, the mapping behavior was updated
such that an entity can only have one alias per authentication backend. This change exists in Vault 1.9.0+, 1.8.5+ and 1.7.6+.
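
Review bot: The added sentence "Thus, tokens created from all aliases of the entity, will have access to the paths containing alias metadata of the first alias" has a comma separating the subject from its verb, and it is immediately followed by a sentence opening with "As a result", so the impact and the fix read as two stacked consequences. Suggest dropping the comma and tightening the wording, for example: "Tokens created from any alias of the entity would have access to paths containing the first alias's metadata, because the templated policy was applied incorrectly." The paragraph also states that an entity can now have only one alias per authentication backend but, in the visible lines, does not say what happens on upgrade to entities that already hold several aliases on one backend; if the partial does not cover that elsewhere, a sentence or link for operators would be worth adding here.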
