Security Advisory

CVE-2024-2048

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-04 19:56:47

Last updated 2025-02-13 17:32:32

Assigner HashiCorp

State PUBLISHED

Description

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.

← Browse all CVEs View on cve.org ↗