x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-362v-wg5p-64w2 #578

@julieqiu

In GitHub Security Advisory GHSA-362v-wg5p-64w2, there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| --- | --- | --- |
| github.com/hashicorp/vault | | >= 1.8.0, <= 1.8.4 |

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/hashicorp/vault
    versions:
      - introduced: TODO (earliest fixed "", vuln range ">= 1.8.0, <= 1.8.4")
description: HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an
    unexpected interaction between glob-related policies and the Google Cloud secrets
    engine. Users may, in some situations, have more privileges than intended, e.g.,
    a user with read permission for the /gcp/roleset/* path may be able to issue Google
    Cloud service account credentials.
published: 2021-10-12T18:41:16Z
last_modified: 2021-10-20T17:28:19Z
cves:
  - CVE-2021-42135
ghsas:
  - GHSA-362v-wg5p-64w2
links:
    context:
      - https://github.com/advisories/GHSA-362v-wg5p-64w2

Labels

excluded: NOT_IMPORTABLE (This vulnerability only exists in a binary and is not importable.)
