c97c8687f4
* Add entity-alias behavior change to docs
* Add upgrade note about entity-alias mapping change
* Rename 1.7-9 upgrade pages, shuffle upgrade note position
* Update website/content/partials/entity-alias-mapping.mdx

Co-authored-by: Meggie <meggie@hashicorp.com>

* Add incorrect policy issue to the docs
* Add example about entity-alias restriction

Co-authored-by: Meggie <meggie@hashicorp.com>
7 lines
641 B
Plaintext
## Entity Alias mapping

Previously, an entity in Vault could be mapped to multiple entity aliases on the same authentication backend. This
led to a potential security vulnerability (CVE-2021-43998), as ACL policies templated with alias information would match the first
alias created. Thus, tokens created from all aliases of the entity would have access to the paths containing alias
metadata of the first alias, because templated policies were incorrectly applied. As a result, the mapping behavior was updated
such that an entity can only have one alias per authentication backend. This change exists in Vault 1.9.0+, 1.8.5+ and 1.7.6+.
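
To find entities that still carry more than one alias on the same auth mount, the condition described above, the following added example (not part of the Vault documentation or code base) groups each entity's aliases by `mount_accessor`. It assumes the input is the `data` object from reading `identity/entity/id/<id>`; the entity ids, accessors and names in the sample are constructed.

```python
from collections import defaultdict

# Constructed sample: the "data" objects returned by reading
# identity/entity/id/<id>, trimmed to the fields used here.
SAMPLE_ENTITIES = [
    {"id": "entity-0001", "name": "alice", "aliases": [
        {"name": "alice", "mount_accessor": "auth_userpass_aaaa1111",
         "metadata": {"team": "payments"}},
        {"name": "alice-admin", "mount_accessor": "auth_userpass_aaaa1111",
         "metadata": {"team": "platform"}},
        {"name": "alice@example.com", "mount_accessor": "auth_oidc_bbbb2222",
         "metadata": None},
    ]},
    {"id": "entity-0002", "name": "bob", "aliases": [
        {"name": "bob", "mount_accessor": "auth_userpass_aaaa1111",
         "metadata": {"team": "payments"}},
    ]},
]


def find_multi_alias_entities(entities):
    """Return entities holding more than one alias on the same auth mount.

    Result: {entity_id: {mount_accessor: [alias names, in listed order]}}
    """
    findings = {}
    for entity in entities:
        by_mount = defaultdict(list)
        for alias in entity.get("aliases") or []:
            by_mount[alias["mount_accessor"]].append(alias["name"])
        dupes = {m: names for m, names in by_mount.items() if len(names) > 1}
        if dupes:
            findings[entity["id"]] = dupes
    return findings


def affects_templated_policy(findings, mount_accessor):
    """Entity ids whose duplicate aliases sit on a mount that a templated
    policy references via {{identity.entity.aliases.<accessor>...}}."""
    return sorted(eid for eid, mounts in findings.items() if mount_accessor in mounts)


if __name__ == "__main__":
    for eid, mounts in find_multi_alias_entities(SAMPLE_ENTITIES).items():
        for accessor, names in mounts.items():
            print(f"{eid}: {len(names)} aliases on {accessor}: {', '.join(names)}")
```

Entities reported here are the ones to review before upgrading, together with any templated policy that references the listed mount accessor.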