Description
Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
INFO
Published Date :
2024-04-04T17:55:20.192Z
Last Modified :
2024-09-26T00:13:17.242Z
Source :
HashiCorp
AFFECTED PRODUCTS
The following products are affected by CVE-2024-2660 vulnerability.
| Vendors | Products |
|---|---|
| Hashicorp |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-2660.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact