CVE-2021-45042

4.9MEDIUM

Key Information

Vendor: Hashicorp
Status: Vault
Vendor: CVE Published:; 17 December 2021

Summary

In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 17, 2021
Vulnerability Reserved.
Dec 13, 2021

Collectors

NVD DatabaseMitre Database