CVE-2021-29653

Severity: Medium
Remote: Yes
Type: Certificate verification bypass
Description
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
Group     Package  Affected  Fixed    Severity  Status  Ticket
AVG-1860  vault    1.7.0-1   1.7.1-2  Medium    Fixed
References
https://discuss.hashicorp.com/t/hcsec-2021-09-vault-s-pki-engine-crl-may-exclude-revoked-but-unexpired-certificates-after-tidy/23461/2
https://github.com/hashicorp/vault/pull/11367
https://github.com/hashicorp/vault/commit/3144d8f14b749fac57f0970636b35c68fd673843