CVE-2021-32923 log

Severity Medium
Remote Yes
Type Authentication bypass
HashiCorp Vault before version 1.7.2 allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use.
Group Package Affected Fixed Severity Status Ticket
AVG-2029 vault 1.7.1-2 1.7.2-1 Medium Fixed