Description

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.

INFO

Published Date :

2024-04-04T17:55:20.192Z

Last Modified :

2024-09-26T00:13:17.242Z

Source :

HashiCorp
AFFECTED PRODUCTS

The following products are affected by CVE-2024-2660 vulnerability.

Vendors Products
Hashicorp
  • Vault
  • Vault Enterprise

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact