CVE-2021-27668
First published: Tue Aug 31 2021(Updated: )
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Vault | >=0.9.2<1.6.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2021-27668.
What is the severity of CVE-2021-27668?
The severity of CVE-2021-27668 is medium with a severity value of 5.3.
What software versions are affected by CVE-2021-27668?
HashiCorp Vault Enterprise versions 0.9.2 through 1.6.2 are affected by CVE-2021-27668.
How can I fix CVE-2021-27668?
CVE-2021-27668 can be fixed by upgrading to version 1.6.3 of HashiCorp Vault Enterprise.
Are there any references for CVE-2021-27668?
Yes, you can find references for CVE-2021-27668 at the following links: [Reference 1](https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427) and [Reference 2](https://security.gentoo.org/glsa/202207-01).
- collector/nvd-index
- vendor/hashicorp
- canonical/hashicorp vault
- version/hashicorp vault/0.9.2