CVE-2021-32923 HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically those within 1 second of their maximum TTL) which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9 1.6.5 and 1.7.2.

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: MSRC Security Update Guide.

Information published.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.