CVE-2021-27400
Published 2021-04-22
Priority: P3 · 36 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS: 0.57% (42.8th percentile)
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hashicorp | vault | < 1.6.4 | 1.6.4 |
| hashicorp | vault | >= 1.7.0 < 1.7.1 | 1.7.1 |
CVSS provenance
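| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_redhat | | 7.5 | HIGH | |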
Red Hat
vault: TLS certificates not validated when connecting to Cassandra clusters
vendor_redhat·2021-04-22·CVSS 7.5
CVE-2021-27400 [HIGH] CWE-295 vault: TLS certificates not validated when connecting to Cassandra clusters
Package: openshift-logging/logging-loki-rhel9 (Logging Subsystem for Red Hat OpenShift) - Not affected
Package: servicemesh (OpenShift Service Mesh 1) - Not affected
Package: servicemesh (OpenShift Service Mesh 2.0) - Not affected
Package: vault (Red Hat Advanced Cluster Management for Kubernetes 2) - Not affected
Package: openshift4/ose-installer (Red Hat OpenShift Container Platform 4) - Not affected
Package: openshift4/topology-aware-lifecycle-manager-rhel8-operator (Red Hat OpenShift Container Pla
GHSA
GHSA-4wr6-x9g6-m47v: HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates whe
ghsa_unreviewed·2022-05-24
CVE-2021-27400 [HIGH] CWE-295 GHSA-4wr6-x9g6-m47v: HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates whe
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.