GHSA-j2rp-gmqv-frhv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-j2rp-gmqv-frhv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-j2rp-gmqv-frhv/GHSA-j2rp-gmqv-frhv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-j2rp-gmqv-frhv
- Aliases
-
- BIT-vault-2024-2660
- CGA-q87q-m7jv-rffq
- CVE-2024-2660
- GO-2024-2690
- Related
- Published
- 2024-04-04T18:30:34Z
- Modified
- 2024-10-22T05:29:03.198761Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- HashiCorpVault does not correctly validate OCSP responses
- Details
-
Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
- Database specific
{ "nvd_published_at": "2024-04-04T18:15:14Z", "cwe_ids": [ "CWE-636", "CWE-703" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-04T22:10:49Z" }- References
Affected packages
Go / github.com/hashicorp/vault
Package
- Name
- github.com/hashicorp/vault
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/hashicorp/vault