Azure Linux 3.0 Security Update: keda (CVE-2021-32923)

The version of keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-32923 advisory. - HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret...

GO-2024-2514 Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault...

BIT-VAULT-2021-32923

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...

Token leases could outlive their TTL in HashiCorp Vault

HashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect Access Control...

GHSA-57GG-CJ55-Q5G2 Token leases could outlive their TTL in HashiCorp Vault

HashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect Access Control...

CVE-2021-32923

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...

Denial of service

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...

CVE-2021-32923

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...

CVE-2021-32923

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases specifically, those within 1 second of their maximum TTL, which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2...

CVE-2021-32923

Summary: CVE-2021-32923 affects HashiCorp Vault and Vault Enterprise. The issue arises from the renewal logic for nearly-expired token leases and dynamic secret leases within one second of their maximum TTL, which allowed these leases to be incorrectly treated as non-expiring during subsequent us...

HashiCorp Vault 和 Vault Enterprise 代码问题漏洞

Hashicorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp USA. A security vulnerability exists in HashiCorp Vault and Vault Enterprise that allows updates to expiring token leases and dynamic secret leases specifically those within 1 second of the maximum TTL, whi...

PT-2021-19974 · Hashicorp · Hashicorp Vault +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions prior to 1.5.9 HashiCorp Vault and Vault Enterprise versions prior to 1.6.5 HashiCorp Vault and Vault Enterprise versions prior to 1.7.2 Description: The issue allowed the renewal of nearly-expire...

Insecure Session Management

vault uses insecure session management. Vault and Vault Enterprise renewed nearly-expiring token leases and dynamic secret leases with a zero-second TTL, causing them to be treated as non-expiring, and never revoked...