Back to bug 1968032
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2021-06-04 18:18:56 UTC | Blocks | 1968033 | |
| Mark Cooper | 2021-06-23 00:38:11 UTC | CC | hvyas | |
| Depends On | 1969939 | |||
| CC | hvyas | |||
| Fixed In Version | vault 1.5.9, vault 1.6.5, vault 1.7.2 | |||
| Red Hat Bugzilla | 2021-10-15 11:51:19 UTC | CC | kconner | |
| Anten Skrabec | 2021-10-28 18:13:39 UTC | Status | NEW | CLOSED |
| Resolution | --- | NOTABUG | ||
| Last Closed | 2021-10-28 18:13:39 UTC | |||
| Avinash Hanwate | 2023-02-13 14:31:02 UTC | Status | CLOSED | NEW |
| Resolution | NOTABUG | --- | ||
| Keywords | Reopened | |||
| Avinash Hanwate | 2023-02-13 14:31:40 UTC | CC | amctagga, etamir, hchiramm, jcantril, jrivera, madam, muagarwa, nbecker, ocs-bugs, periklis, sostapov, tnielsen | |
| Avinash Hanwate | 2023-02-16 08:06:49 UTC | Severity | low | medium |
| Priority | low | medium | ||
| Avinash Hanwate | 2023-02-16 08:24:35 UTC | Depends On | 2170358, 2170357, 2170359 | |
| Avinash Hanwate | 2023-03-16 04:55:33 UTC | Doc Text | A flaw was found in the HashiCorp Vault and Vault Enterprise. The vault could allow a remote attacker to bypass security restrictions, caused by a renewal logic flaw when a token lease or dynamic secret lease was renewed inside the last second of its maximum TTL. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication validation, and gain access to the system. | |
| CC | jburrell | |||
| RaTasha Tillery-Smith | 2023-03-16 13:59:37 UTC | Doc Text | A flaw was found in the HashiCorp Vault and Vault Enterprise. The vault could allow a remote attacker to bypass security restrictions, caused by a renewal logic flaw when a token lease or dynamic secret lease was renewed inside the last second of its maximum TTL. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass authentication validation, and gain access to the system. | A flaw was found in the HashiCorp Vault and Vault Enterprise. The vault could allow a remote attacker to bypass security restrictions caused by a renewal logic flaw when a token lease or dynamic secret lease was renewed inside the last second of its maximum TTL. By sending a specially crafted request, an attacker can bypass authentication validation and gain access to the system. |
| Red Hat Bugzilla | 2023-07-07 08:32:21 UTC | Assignee | security-response-team | nobody |
| Red Hat Bugzilla | 2023-08-03 08:28:13 UTC | CC | ocs-bugs |
Back to bug 1968032