CVE-2024-2660

CVSS V2 None CVSS V3 None

Description

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.

Overview

CVE ID
CVE-2024-2660

Assigner
HashiCorp

Vulnerability Status
PUBLISHED

Published Version
2024-04-04T17:55:20.192Z

Last Modified Date
2024-04-04T17:55:20.192Z

Weakness Enumerations

CWE	URL
CWE-703	http://cwe.mitre.org/data/definitions/703.html

References

Reference URL	Reference Tags
https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573
https://security.netapp.com/advisory/ntap-20240524-0007/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-2660
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2660

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 23:53:59				Added to TrackCVE