|Type||certificate verification bypass|
|Created||Thu Apr 22 18:11:44 2021|
|CVE-2021-29653||Medium||Yes||Certificate verification bypass||
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in...
|CVE-2021-27400||Medium||Yes||Certificate verification bypass||
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when...
The Arch Linux package vault 1.7.1-1 was actually still upstream version 1.7.0 because only $pkgver, but not the commit hash was bumped by accident. This is fixed in version 1.7.1-2 of the Arch Linux package.