CVE-2021-27400

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-27400

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27400.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-27400

Aliases

BIT-vault-2021-27400

Published

2021-04-22T17:15:07.723Z

Modified

2026-03-14T10:53:02.610451Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1

References

https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type

GIT

Repo

https://github.com/hashicorp/vault

Events

Introduced

Fixed

a10df31ee51d18d8dc4a3eda8b6ffd9097b21ba5

Introduced

Fixed

a10df31ee51d18d8dc4a3eda8b6ffd9097b21ba5

Introduced

4e222b85c40a810b74400ee3c54449479e32bb9f

Fixed

917142287996a005cb1ed9d96d00d06a0590e44e

Introduced

4e222b85c40a810b74400ee3c54449479e32bb9f

Fixed

917142287996a005cb1ed9d96d00d06a0590e44e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.6.4"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "1.6.4"
        },
        {
            "introduced": "1.7.0"
        },
        {
            "fixed": "1.7.1"
        },
        {
            "introduced": "1.7.0"
        },
        {
            "fixed": "1.7.1"
        }
    ]
}

Affected versions

api/v1.*

api/v1.1.0

sdk/v0.*

sdk/v0.2.0

v1.*

v1.7.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27400.json"