HashiCorpVULNRICHMENT:CVE-2024-2660CVE-2024-2660 Vault TLS Cert Auth Method Did Not Correctly Validate OCSP Responses
6.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
CNA Affected
[
{
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"product": "Vault",
"versions": [
{
"status": "affected",
"version": "1.14.0",
"lessThan": "1.16.0",
"versionType": "semver"
}
],
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"defaultStatus": "unaffected"
},
{
"repo": "https://github.com/hashicorp/vault",
"vendor": "HashiCorp",
"product": "Vault Enterprise",
"versions": [
{
"status": "affected",
"changes": [
{
"at": "1.14.11",
"status": "unaffected"
},
{
"at": "1.15.7",
"status": "unaffected"
}
],
"version": "1.14.0",
"lessThan": "1.16.0",
"versionType": "semver"
}
],
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"defaultStatus": "unaffected"
}
]Related
6.4 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%