Security Advisory

CVE-2022-25243

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-07 21:45:16

Last updated 2024-08-03 04:36:06

Assigner mitre

State PUBLISHED

Description

"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.

← Browse all CVEs View on cve.org ↗