In Vault and Vault Enterprise versions from 1.14.0 up to 1.15.6 and 1.14.10 a medium severity vulnerability CVE-2024-2660 was detected. The TLS certificate authentication method failed to verify Online Certificate Status Protocol (OCSP) responses from multiple sources, potentially allowing unauthorized access. This issue is resolved in Vault version 1.16.0 and Vault Enterprise versions 1.16.1, 1.15.7, and 1.14.11. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-2660/.
Read more Security
In FreeIPA a medium severity vulnerability CVE-2024-1481 was detected. This issue may cause some failures in authentication processes, but it does not allow anyone to access sensitive data or damage the integrity of the system. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-1481.
Read more Security
In Vault and Vault Enterprise versions 1.14.0 and newer a medium severity vulnerability CVE-2024-2660 was detected. This vulnerability affects how Vault checks for certificate status, potentially letting someone with network access use a fake certificate to get unauthorized access. The issue is resolved in Vault version 1.16.0 and Vault Enterprise versions 1.16.1, 1.15.7, and 1.14.11. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-2660.
Read more Security