PT-2022-17174 · Hashicorp · Vault Enterprise+1
Published: 2022-03-07 · Updated: 2024-03-06
CVE-2022-25243
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Vault and Vault Enterprise versions 1.8.0 through 1.8.8
Vault and Vault Enterprise version 1.9.3
Description
The issue allowed the PKI secrets engine to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false.
Recommendations
For Vault and Vault Enterprise versions 1.8.0 through 1.8.8, update to version 1.8.9.
For Vault and Vault Enterprise version 1.9.3, update to version 1.9.4.
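An added example, not part of the advisory and not HashiCorp code: a post-upgrade audit that flags wildcard names issued under roles whose allow_subdomains is false. The inventory layout, function names and sample records are assumptions constructed for illustration; only allowed_domains and allow_subdomains are real PKI role parameters.

```python
# Audit sketch: find wildcard certificates issued under PKI roles that
# disallow subdomains. Role snapshot and certificate inventory are
# constructed sample data; export your own from role config and cert records.

ROLES = {  # constructed: role name -> relevant PKI role settings
    "web": {"allowed_domains": ["example.com"], "allow_subdomains": False},
    "internal": {"allowed_domains": ["corp.example.net"], "allow_subdomains": True},
}

ISSUED = [  # constructed: one record per issued certificate (CN + DNS SANs)
    {"serial": "c-01", "role": "web", "names": ["example.com"]},
    {"serial": "c-02", "role": "web", "names": ["*.example.com"]},
    {"serial": "c-03", "role": "internal", "names": ["*.corp.example.net"]},
    {"serial": "c-04", "role": "web", "names": ["Example.com", "*.EXAMPLE.com."]},
]


def _norm(name):
    """Lower-case and drop a trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def is_wildcard(name):
    """True when the leftmost DNS label contains a wildcard character."""
    return "*" in _norm(name).split(".", 1)[0]


def wildcard_violations(roles, issued):
    """Return (serial, name) for wildcard names under allow_subdomains=false roles."""
    findings = []
    for cert in issued:
        role = roles.get(cert["role"])
        # Roles missing from the snapshot cannot be evaluated here; roles that
        # permit subdomains are outside the scope of this check.
        if role is None or role.get("allow_subdomains", False):
            continue
        allowed = {_norm(d) for d in role.get("allowed_domains", [])}
        for name in cert["names"]:
            if not is_wildcard(name):
                continue
            parts = _norm(name).split(".", 1)
            base = parts[1] if len(parts) == 2 else ""
            if any(base == d or base.endswith("." + d) for d in allowed):
                findings.append((cert["serial"], _norm(name)))
    return findings


if __name__ == "__main__":
    for serial, name in wildcard_violations(ROLES, ISSUED):
        print(f"review/revoke candidate: serial={serial} name={name}")
```

Certificates flagged this way were issued outside the role's intended policy and are candidates for review and revocation.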
Fix
Improper Certificate Validation
Weakness Enumeration
Related Identifiers
Affected Products
Vault
Vault Enterprise