3 matches found
CVE-2022-25243
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allowsubdomains is set to false. Fixed in Vault Enterprise 1.8.9...
CVE-2022-25243
CVE-2022-25243 affects HashiCorp Vault and Vault Enterprise: PKI secrets engine could issue wildcard certificates to authorized users under certain configurations, even when allow_subdomains is false. Impacted are Vault and Vault Enterprise versions 1.8.0–1.8.8 and 1.9.3. Root cause: PKI configur...
CVE-2022-25243
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allowsubdomains is set to false. Fixed in Vault Enterprise 1.8.9...