CVE-2021-27400

HIGH7.5EPSS 0.14%

發布日:2024/3/6修改日:2025/4/3

描述

HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1

受影響套件(1)

Bitnami/vaultfrom 0, < 1.6.4, >= 1.7.0, < 1.7.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

參考連結(2)

WEBhttps://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-27400