Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-25243: HCSEC-2022-09 - Vault PKI Secrets Engine Policy Results In Incorrect Wildcard Certificate Issuance

"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.

CVE
#auth

Loading

Related news

Gentoo Linux Security Advisory 202207-01

Gentoo Linux Security Advisory 202207-1 - Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service. Versions less than 1.10.3 are affected.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907