CGA-qwxw-2cf6-j68f

Published

Last updated

https://images.chainguard.dev/security/CGA-qwxw-2cf6-j68f

Package

vault-1.16

Latest Update

Not affected

Aliases

CVE-2024-2660
GHSA-j2rp-gmqv-frhv

Severity

6.4

Medium

CVSS V3

Summary

HashiCorpVault does not correctly validate OCSP responses

Description

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-2660
https://github.com/advisories/GHSA-j2rp-gmqv-frhv
https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573
https://github.com/hashicorp/vault
https://security.netapp.com/advisory/ntap-20240524-0007

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-qwxw-2cf6-j68f

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources