CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 7 High (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.2%)
github.com/hashicorp/vault is vulnerable to Improper Certificate Validation. The vulnerability is due to insufficient validation of client certificates when a non-CA certificate is configured as trusted. This flaw leads to authentication bypass using the TLS certificate auth method with non-CA certificates.
discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382
github.com/advisories/GHSA-r3w7-mfpm-c2vw
github.com/hashicorp/vault/commit/773911494e767482207674b5e7bdb9608693c8c0
github.com/hashicorp/vault/commit/a7012406a8efb00adc19a41501dcbb3238953864
github.com/hashicorp/vault/pull/25649
github.com/hashicorp/vault/releases/tag/v1.14.10
github.com/hashicorp/vault/releases/tag/v1.15.6
security.netapp.com/advisory/ntap-20240524-0009/