Unrated severityNVD Advisory· Published Dec 17, 2021· Updated Aug 4, 2024
CVE-2021-45042
CVE-2021-45042
Description
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- HashiCorp/Vault and Vault Enterprisedescription
- Range: <1.7.7, <1.8.6, <1.9.1
Patches
Vulnerability mechanics
References
3- security.gentoo.org/glsa/202207-01mitrevendor-advisoryx_refsource_GENTOO
- discuss.hashicorp.com/t/hcsec2-21-33-vault-s-kv-secrets-engine-with-integrated-storage-exposed-to-authenticated-denial-of-service/33157mitrex_refsource_MISC
- www.hashicorp.com/blog/category/vaultmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.