CGA-rrg3-2x63-27xf

Published

Last updated

https://images.chainguard.dev/security/CGA-rrg3-2x63-27xf

Package

k3d

Latest Update

Fixed

Fixed Version

5.6.0-r11

Aliases

CVE-2024-2048
GHSA-r3w7-mfpm-c2vw

Severity

8.1

High

CVSS V3

Summary

Incorrect TLS certificate auth method in Vault

Description

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-2048
https://github.com/advisories/GHSA-r3w7-mfpm-c2vw
https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382
https://github.com/hashicorp/vault
https://security.netapp.com/advisory/ntap-20240524-0009

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-rrg3-2x63-27xf

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources