CVE-2021-27400 - log back

CVE-2021-27400 edited at 22 Apr 2021 18:13:41
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Certificate verification bypass
Description
+ HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1.
References
+ https://discuss.hashicorp.com/t/hcsec-2021-10-vault-s-cassandra-integrations-did-not-validate-tls-certificates/23463
+ https://github.com/hashicorp/vault/pull/11365
+ https://github.com/hashicorp/vault/commit/9c9675fd201df1780432f52bbf7dacfe1daf4dce
Notes
CVE-2021-27400 created at 22 Apr 2021 18:11:44