BIT-vault-2024-2048

Import Source
https://github.com/bitnami/vulndb/tree/main/data/vault/BIT-vault-2024-2048.json
Aliases
Published
2024-05-01T07:38:21.819Z
Modified
2024-05-01T08:11:36.894868Z
Summary
[none]
Details

The Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as a trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.

References

Affected packages

Bitnami / vault

Package

Name
vault

Affected ranges

Type
SEMVER
Events
Introduced
1.15.0
Fixed
1.15.5
Introduced
0 (the exact introduced commit is unknown)
Fixed
1.14.10