HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-12T00:00:00
Updated: 2024-08-03T12:42:44.924Z
Reserved: 2022-09-23T00:00:00
Link: CVE-2022-41316
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-10-12T21:15:09.857
Modified: 2024-11-21T07:23:01.917
Link: CVE-2022-41316
Redhat