CVE-2021-27400

HIGH7.5EPSS 0.14%

Published: 3/6/2024Modified: 4/3/2025

Description

HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1

Affected packages (1)

Bitnami/vaultfrom 0, < 1.6.4, >= 1.7.0, < 1.7.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References (2)

WEBhttps://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-27400