CVE-2024-2660

Description

HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

Affected packages (3)

• Bitnami/vault>= 1.14.0, < 1.16.0
• Go/github.com/hashicorp/vaultfrom 0, < 1.16.0
• Go/github.com/hashicorp/vaultfrom 0, < 1.16.0

CVSS scores

References (6)

• ADVISORYhttps://github.com/advisories/GHSA-j2rp-gmqv-frhv
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-2660
• PATCHhttps://github.com/hashicorp/vault
• WEBhttps://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573
• WEBhttps://security.netapp.com/advisory/ntap-20240524-0007
• WEBhttps://security.netapp.com/advisory/ntap-20240524-0007/