Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

授权机制不恰当

HashiCorp Vault 安全漏洞

HashiCorp Vault是美国HashiCorp公司的一款私钥访问管理工具。 HashiCorp Vault 1.13.1之前版本、1.12.5之前版本 和 1.11.9之前版本存在安全漏洞，该漏洞源于通过挂载颁发者端点可以删除颁发者或修改颁发者元数据，可能导致 PKI 挂载拒绝服务。

N/A

N/A