Home > Vulnerability Database > CVE-2024-2660

Mend.io Vulnerability Database

CVE-2024-2660

Good to know:

Date: April 4, 2024

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Vault Enterprise 1.14.0 and above, and is fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.

Language: Go

Severity Score

6.4

Related Resources (7)

Url: https://github.com/advisories/GHSA-j2rp-gmqv-frhv

Url: https://github.com/hashicorp/vault

Url: https://security.netapp.com/advisory/ntap-20240524-0007

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-2660

Url: https://discuss.hashicorp.com/t/hcsec-2024-07-vault-tls-cert-auth-method-did-not-correctly-validate-ocsp-responses/64573

Url: https://security.netapp.com/advisory/ntap-20240524-0007/

Url: https://www.mend.io/vulnerability-database/CVE-2024-2660

Severity Score

6.4

Weakness Type (CWE)

Not Failing Securely ('Failing Open')

CWE-636

Improper Check or Handling of Exceptional Conditions

CWE-703

Top Fix

Upgrade Version

Upgrade to version github.com/hashicorp/vault - v1.16.0

Learn More

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-2660

Good to know:

Date: April 4, 2024

Language: Go

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?