Security Advisory

CVE-2021-32923

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-06-03 10:38:26

Last updated 2024-08-03 23:33:56

Assigner mitre

State PUBLISHED

Description

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.

← Browse all CVEs View on cve.org ↗