4 matches found
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the certificate authentication process when disablebinding=true is set. An attacker can extend the lifetime of dynamic leases held by the original token by renewing tokens using a sibling certificate a...
OpenBao 信任管理问题漏洞
OpenBao is an open-source sensitive data management software developed by OpenBao. Versions of OpenBao prior to 2.5.3 had vulnerabilities related to trust management. These vulnerabilities stemmed from incorrect matching during certificate authentication when renewing tokens. This allowed attacke...
CVE-2021-37219
A flaw in Consul Raft RPC layer allows privilege escalation by allowing access to access server-only functionality from non-server agents with a valid certificate signed by the same CA...
UBUNTU-CVE-2021-37219
HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2...