6.8

CVE-2021-45042

EPSS 0.44%
Veröffentlicht 17.12.2021 14:15:07
Zuletzt bearbeitet 21.11.2024 06:31:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hashicorp ≫ Vault SwEdition- Version >= 1.4.0 < 1.7.7

Hashicorp ≫ Vault SwEditionenterprise Version >= 1.4.0 < 1.7.7

Hashicorp ≫ Vault SwEdition- Version >= 1.8.0 < 1.8.6

Hashicorp ≫ Vault SwEditionenterprise Version >= 1.8.0 < 1.8.6

Hashicorp ≫ Vault Version1.9.0 SwEdition-

Hashicorp ≫ Vault Version1.9.0 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.621

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:N/I:N/A:C

https://www.hashicorp.com/blog/category/vault

Vendor Advisory

Product

https://security.gentoo.org/glsa/202207-01

Third Party Advisory

https://discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-45042

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-45042

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-45042

EUVD