Description
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.
A flaw was found in HashiCorp Vault and Vault Enterprise. Vault could allow a remote attacker to bypass security restrictions because of a renewal logic flaw triggered when a token lease or dynamic secret lease was renewed inside the last second of its maximum TTL. By sending a specially crafted request, an attacker can bypass authentication validation and gain access to the system.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | | |
| OpenShift Service Mesh 2.0 | servicemesh | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | vault | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-installer | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/topology-aware-lifecycle-manager-rhel8-operator | Not affected | | |
| Red Hat Openshift Container Storage 4 | ocs4/cephcsi-rhel8 | Under investigation | | |
| Red Hat Openshift Container Storage 4 | ocs4/mcg-rhel8-operator | Under investigation | | |
| Red Hat Openshift Container Storage 4 | ocs4/ocs-rhel8-operator | Under investigation | | |
| Red Hat Openshift Container Storage 4 | ocs4/rook-ceph-rhel8-operator | Under investigation | | |
| Red Hat Openshift Data Foundation 4 | odf4/cephcsi-rhel9 | Affected | | |
Additional information
Status:
CVSS3: 6.5 Medium
Related vulnerabilities
HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.
CVSS3: 6.5 Medium