Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 861812 (CVE-2022-36129) - <app-admin/vault-{1.10.4,1.11.1}: incorrect access control
Summary: <app-admin/vault-{1.10.4,1.11.1}: incorrect access control
Status: IN_PROGRESS
Alias: CVE-2022-36129
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://discuss.hashicorp.com/t/hcsec...
Whiteboard: B3 [glsa?]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-29 05:52 UTC by John Helmert III
Modified: 2022-07-29 21:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-29 05:52:23 UTC
CVE-2022-36129:

HashiCorp Vault and Vault Enterprise through 2022-07-17 have Incorrect Access Control.

Please stabilize 1.10.4 and cleanup <1.11.1.
Comment 1 Larry the Git Cow gentoo-dev 2022-07-29 21:04:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f49ca9e8d94a5035adece042318d75d0cae50929

commit f49ca9e8d94a5035adece042318d75d0cae50929
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-07-29 21:04:11 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-07-29 21:04:55 +0000

    app-admin/vault: drop 1.10.3, 1.10.4, 1.11.0
    
    Bug: https://bugs.gentoo.org/861812
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/vault/Manifest            |  6 ---
 app-admin/vault/vault-1.10.3.ebuild | 85 ------------------------------------
 app-admin/vault/vault-1.10.4.ebuild | 85 ------------------------------------
 app-admin/vault/vault-1.11.0.ebuild | 86 -------------------------------------
 4 files changed, 262 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d5e5d6ad7f9c2ce28ff30d1c45736204a6a36fd

commit 3d5e5d6ad7f9c2ce28ff30d1c45736204a6a36fd
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-07-29 21:02:37 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-07-29 21:04:54 +0000

    app-admin/vault: stabilize 1.10.5 for amd64
    
    Bug: https://bugs.gentoo.org/861812
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/vault/vault-1.10.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-29 21:08:21 UTC
Thanks, Zac!