CGA-q87q-m7jv-rffq

Published

Last updated

https://images.chainguard.dev/security/CGA-q87q-m7jv-rffq

Package

vault-fips-1.14

Latest Update

Fix not planned

Aliases

CVE-2024-2660
GHSA-j2rp-gmqv-frhv

Severity

6.4

Medium

CVSS V3

Summary

HashiCorpVault does not correctly validate OCSP responses

Description

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-2660
https://github.com/advisories/GHSA-j2rp-gmqv-frhv
https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573
https://github.com/hashicorp/vault
https://security.netapp.com/advisory/ntap-20240524-0007

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-q87q-m7jv-rffq

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources