CVE-2021-27400 log

Source
Severity Medium
Remote Yes
Type Certificate verification bypass
Description
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1.
Group Package Affected Fixed Severity Status Ticket
AVG-1860 vault 1.7.0-1 1.7.1-2 Medium Fixed
References
https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463
https://github.com/hashicorp/vault/pull/11365
https://github.com/hashicorp/vault/commit/9c9675fd201df1780432f52bbf7dacfe1daf4dce