Lucene search
+L

5 matches found

wolfi
wolfi
added 2024/03/04 8:15 p.m.30 views

CVE-2024-2048 vulnerabilities

Vulnerabilities for packages: k3d...

9.8CVSS7.5AI score0.00447EPSS
Exploits0
cgr
cgr
added 2024/03/04 8:15 p.m.61 views

CVE-2024-2048 vulnerabilities

Vulnerabilities for packages: k3d...

9.8CVSS8.2AI score0.00447EPSS
Exploits0
cve
cve
added 2024/03/04 7:56 p.m.400 views

CVE-2024-2048

CVE-2024-2048 affects Vault and Vault Enterprise where TLS certificate auth did not properly validate client certificates when configured with a non-CA trusted certificate, potentially allowing certificate-based authentication bypass. The issue is fixed in Vault 1.15.5 and 1.14.10.

9.8CVSS7.8AI score0.00447EPSS
Exploits0References2Affected Software1
osv
osv
added 2024/03/04 7:56 p.m.3 views

CVE-2024-2048 Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass...

8.1CVSS7.1AI score0.00447EPSS
Exploits0References5
cvelist
cvelist
added 2024/03/04 7:56 p.m.34 views

CVE-2024-2048 Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass...

8.1CVSS8.1AI score0.00447EPSS
Exploits0References2
Rows per page
Query Builder