VYPR
High severityNVD Advisory· Published Mar 4, 2024· Updated Feb 13, 2025

Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates

CVE-2024-2048

Description

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/vaultGo
>= 1.15.0, < 1.15.51.15.5
github.com/hashicorp/vaultGo
< 1.14.101.14.10

Affected products

22

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.