CVE-2021-29653
Published 2021-04-22
Priority: P3 · 37 · high
CVSS 3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS: 0.55% (41.9th percentile)
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hashicorp | vault | >= 1.5.1 < 1.5.8 | 1.5.8 |
| hashicorp | vault | >= 1.6.0 < 1.6.4 | 1.6.4 |
| hashicorp | vault | >= 1.7.0 < 1.7.1 | 1.7.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | | 7.5 | HIGH | |
GHSA
GHSA-gw8r-qv92-434x (ghsa_unreviewed · 2022-05-24) · CVE-2021-29653 [HIGH] CWE-295
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
Red Hat
vault: PKI Engine CRL May Exclude Revoked But Unexpired Certificates After Tidy (vendor_redhat · 2021-04-22 · CVSS 7.5) · CVE-2021-29653 [HIGH] CWE-295
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
Package: openshift-logging/logging-loki-rhel9 (Logging Subsystem for Red Hat OpenShift) - Not affected
Package: servicemesh (OpenShift Service Mesh 1) - Not affected
Package: servicemesh (OpenShift Service Mesh 2.0) - Not affected
Package: vault (Red Hat Advanced Cluster Management for Kubernetes 2) - Not affected
Package: openshift4/ose-installer (Red Hat OpenShift Container Platform 4) - Not affected
Package: openshift4/topology-aware-lifecycle-manager-rhel8-operator (Red Hat OpenShift Container Platform 4) - Not affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.