In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-31839 In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T04:32:13.617Z

Reserved: 2021-12-13T00:00:00

Link: CVE-2021-45042

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-12-17T14:15:07.667

Modified: 2024-11-21T06:31:51.180

Link: CVE-2021-45042

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-12-13T00:00:00Z

Links: CVE-2021-45042 - Bugzilla

cve-icon OpenCVE Enrichment

No data.