Lucene search
HistoryApr 04, 2024 - 6:15 p.m.
CVE-2024-2660
cve-2024-2660
tls certificates
ocsp validation
vault
vault enterprise
6.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
Related
osv
osv
BIT-vault-2024-2660
2024-05-01 07:38:05
HashiCorpVault does not correctly validate OCSP responses
2024-04-04 18:30:34
vulnrichment
vulnrichment
cvelist
cvelist
veracode
veracode
Improper Certificate Validation
2024-04-05 11:38:59
cgr
cgr
CVE-2024-2660 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2024-2660
2024-04-04 18:15:14
github
github
HashiCorpVault does not correctly validate OCSP responses
2024-04-04 18:30:34
redhatcve
redhatcve
CVE-2024-2660
2024-04-05 12:56:14
wolfi
wolfi
CVE-2024-2660 vulnerabilities
2024-06-30 03:08:34
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
2024-06-26 16:06:34
6.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
9.1%
Related for NVD:CVE-2024-2660