Back to bug 2189514
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Pedro Sampaio | 2023-04-25 14:04:58 UTC | CC | ypadia | |
| Red Hat Bugzilla | 2023-05-31 23:37:44 UTC | CC | mrajanna | |
| Red Hat Bugzilla | 2023-07-07 08:31:32 UTC | Assignee | security-response-team | nobody |
| Avinash Hanwate | 2023-07-11 06:25:28 UTC | Doc Text | HashiCorp Vault and Vault Enterprise could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw related to PKI secrets engine under certain configurations. By sending a specially-crafted request, an attacker could exploit this vulnerability to issue wildcard certificates to authorized users for a specified domain. | |
| RaTasha Tillery-Smith | 2023-07-11 13:41:31 UTC | Doc Text | HashiCorp Vault and Vault Enterprise could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw related to PKI secrets engine under certain configurations. By sending a specially-crafted request, an attacker could exploit this vulnerability to issue wildcard certificates to authorized users for a specified domain. | A flaw was found in HashiCorp Vault and Vault Enterprise. This flaw allows a remote, authenticated attacker to bypass security restrictions caused by a flaw related to the PKI secrets engine under certain configurations. An attacker can issue wildcard certificates to authorized users for a specified domain by sending a specially crafted request. |
| Avinash Hanwate | 2023-07-18 13:23:08 UTC | Blocks | 2223663 | |
| Avinash Hanwate | 2023-07-18 13:30:45 UTC | CC | jcantril, periklis, ypadia | |
| Avinash Hanwate | 2023-07-18 13:31:34 UTC | Fixed In Version | vault 1.8.9, vault 1.9.4 | |
| CC | dfreiber, jburrell, rogbas, vkumar | |||
| Avinash Hanwate | 2023-07-18 13:32:07 UTC | Depends On | 2223665, 2223666 | |
| Red Hat Bugzilla | 2023-08-03 08:31:08 UTC | CC | ocs-bugs |
Back to bug 2189514