PT-2021-24194 · HashiCorp · Vault, Vault Enterprise
Published: 2021-12-17 · Updated: 2024-03-06 · CVE-2021-45042
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
HashiCorp Vault and Vault Enterprise versions 1.4.0 through 1.7.6
HashiCorp Vault and Vault Enterprise versions 1.8.0 through 1.8.5
HashiCorp Vault and Vault Enterprise versions 1.9.0
Description:
The issue allows an authenticated user with write permissions to a kv secrets engine to cause a panic and denial of service of the storage backend in clusters using the Integrated Storage backend.
Recommendations:
For versions 1.4.0 through 1.7.6, update to version 1.7.7 or later.
For versions 1.8.0 through 1.8.5, update to version 1.8.6 or later.
For version 1.9.0, update to version 1.9.1 or later.
Affected Products
HashiCorp Vault
Vault Enterprise