Lucene search

Veracode Vulnerability DatabaseVERACODE:46234

HistoryApr 05, 2024 - 11:38 a.m.

Improper Certificate Validation

2024-04-0511:38:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

github

hashicorp

vault

certificate validation

vulnerability

tls

ocsp

software

6.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

github.com/hashicorp/vault vulnerable to Improper Certificate Validation. The vulnerability exists due to inadequate validation during the TLS certificate authentication process, specifically in handling OCSP responses when one or more OCSP sources are configured.

CPENameOperatorVersion
github.com/hashicorp/vaultlev1.16.0-rc3
github.com/hashicorp/vaultlev1.16.0-rc3

CPE	Name	Operator	Version
	github.com/hashicorp/vault	le	v1.16.0-rc3
	github.com/hashicorp/vault	le	v1.16.0-rc3

References

discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573

github.com/advisories/GHSA-j2rp-gmqv-frhv

github.com/hashicorp/vault/commit/2fe676e75b39d0e39b0fa23a458345370bca41b7

security.netapp.com/advisory/ntap-20240524-0007/

6.4 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:46234