CVE-2021-45042

MEDIUM4.9EPSS 0.43%

發布日:2024/3/6修改日:2025/4/3

描述

In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.

受影響套件(1)

Bitnami/vault>= 1.4.0, < 1.7.7, >= 1.8.0, < 1.8.6, >= 1.9.0, < 1.9.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

參考連結(4)

WEBhttps://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2021-45042
WEBhttps://security.gentoo.org/glsa/202207-01
WEBhttps://www.hashicorp.com/blog/category/vault