CVE-2024-2660

Published Apr 4, 2024

Last updated 2 months ago

CVSS medium 6.4

Overview

Description: Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.
Source: security@hashicorp.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.4
Impact score: 5.9
Exploitability score: 0.5
Vector string: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

security@hashicorp.com: CWE-636

Hype score: Not currently trending

References