AVG-1860
Package | vault |
Status | Fixed |
Severity | Medium |
Type | certificate verification bypass |
Affected | 1.7.0-1 |
Fixed | 1.7.1-2 |
Current | 1.18.2-1 [extra] |
Ticket | None |
Created | Thu Apr 22 18:11:44 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-29653 | Medium | Yes | Certificate verification bypass | HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in... |
CVE-2021-27400 | Medium | Yes | Certificate verification bypass | HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when... |
Notes |
---|
The Arch Linux package vault 1.7.1-1 was actually still upstream version 1.7.0 because, by accident, only $pkgver was bumped and not the commit hash. This is fixed in version 1.7.1-2 of the Arch Linux package. |