13 matches found
EUVD-2021-1251
Malware in sbrugna...
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.
...
BIT-VAULT-2021-32923
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...
CVE-2021-32923
A flaw was found in HashiCorp Vault and Vault Enterprise. Vault could allow a remote attacker to bypass security restrictions because of a renewal logic flaw when a token lease or dynamic secret lease was renewed inside the last second of its maximum TTL. By sending a specially crafted...
CVE-2021-32923
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...
Denial of service
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...
CVE-2021-32923
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...
CVE-2021-32923
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...
CVE-2021-32923
Summary: CVE-2021-32923 affects HashiCorp Vault and Vault Enterprise. The issue arises from the renewal logic for nearly-expired token leases and dynamic secret leases within one second of their maximum TTL, which allowed these leases to be incorrectly treated as non-expiring during subsequent us...
HashiCorp Vault and Vault Enterprise code issue vulnerability
HashiCorp Vault is a private key access management tool from HashiCorp (USA). A security vulnerability exists in HashiCorp Vault and Vault Enterprise that allows updates to expiring token leases and dynamic secret leases, specifically those within 1 second of the maximum TTL, whi...
Insecure Session Management
vault uses insecure session management. Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked...
Insecure Session Management
github.com/hashicorp/vault does not properly handle and manage sessions. The vulnerability exists in Vault Enterprise, where the revocation of a token scoped to a non-root namespace does not properly trigger the revocation of the dynamic secret leases associated with the token...
envoy/server_fuzz_test: Heap-use-after-free in std::__1::__hash_iterator<std::__1::__hash_node<std::__1::__hash_value_type<std:
Project: https://github.com/envoyproxy/envoy.git Detailed report: https://oss-fuzz.com/testcase?key=5761881319407616 Project: envoy Fuzzer: libFuzzer_envoy_server_fuzz_test Fuzz target binary: server_fuzz_test Job Type: libfuzzer_asan_envoy Platform Id: linux Crash Type: Heap-use-after-free READ 8 Crash...