VYPR
High severity7.4NVD Advisory· Published Jun 3, 2021· Updated Jun 17, 2026

CVE-2021-32923

CVE-2021-32923

Description

HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/vaultGo
>= 1.7.0, < 1.7.21.7.2
github.com/hashicorp/vaultGo
>= 1.6.0, < 1.6.51.6.5
github.com/hashicorp/vaultGo
>= 0.10.0, < 1.5.91.5.9

Affected products

8

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.

CVE-2021-32923 · High · VYPR