Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
History
Thu, 26 Sep 2024 01:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | |
Thu, 26 Sep 2024 01:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
Thu, 26 Sep 2024 00:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11. | Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11. |
Weaknesses | CWE-636 |
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2024-04-04T17:55:20.192Z
Updated: 2024-09-26T00:13:17.242Z
Reserved: 2024-03-19T17:34:27.401Z
Link: CVE-2024-2660
Vulnrichment
Updated: 2024-08-01T19:18:48.125Z
NVD
Status: Awaiting Analysis
Published: 2024-04-04T18:15:14.783
Modified: 2024-09-26T01:15:11.220
Link: CVE-2024-2660