CVE-2021-29653

HIGH

HashiCorp Vault 1.5.1-1.5.7 - Improper Certificate Validation in PKI Engine CRL Generation


Description

HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.

Scores

CVSS v3: 7.5
EPSS: 0.0010
EPSS Percentile: 26.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE: CWE-295
Status: published
Products (1): hashicorp/vault 1.5.1 - 1.5.8 (2 CPE variants)
Published: Apr 22, 2021
Tracked Since: Feb 18, 2026