CVE Vulnerabilities

CVE-2021-27400

Improper Certificate Validation

Published: Apr 22, 2021 | Modified: Apr 27, 2021
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Vault Hashicorp 1.7.0 *
Vault Hashicorp 1.7.0 *
Vault Hashicorp * *
Vault Hashicorp * *

Potential Mitigations

References