Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HashiCorp Vault 信任管理问题漏洞
Vulnerability Description
HashiCorp Vault是美国HashiCorp公司的一款私钥访问管理工具。 HashiCorp Vault 1.8.0版本至1.8.8版本以及1.9.3版本 存在信任管理问题漏洞,该漏洞允许PKI机密引擎在某些配置下向指定域的授权用户颁发通配符证书,即使PKI角色策略属性allow_subdomains设置为false。该漏洞在 Vault Enterprise 1.8.9版本和 1.9.4版本中已修复。
CVSS Information
N/A
Vulnerability Type
N/A