6.8

CVE-2021-45042

EPSS 0.44%
Published 17.12.2021 14:15:07
Last modified 21.11.2024 06:31:51
Source cve@mitre.org
Teams watchlist Login
Open Login

In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.

Affected products Warnungen 0 Metrics 3 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Hashicorp ≫ Vault SwEdition- Version >= 1.4.0 < 1.7.7

Hashicorp ≫ Vault SwEditionenterprise Version >= 1.4.0 < 1.7.7

Hashicorp ≫ Vault SwEdition- Version >= 1.8.0 < 1.8.6

Hashicorp ≫ Vault SwEditionenterprise Version >= 1.8.0 < 1.8.6

Hashicorp ≫ Vault Version1.9.0 SwEdition-

Hashicorp ≫ Vault Version1.9.0 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.44%	0.62

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:N/I:N/A:C

https://www.hashicorp.com/blog/category/vault

Vendor Advisory

Product

https://security.gentoo.org/glsa/202207-01

Third Party Advisory

https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-45042

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-45042

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-45042

EUVD