Improper Check or Handling of Exceptional Conditions

CVE-2024-2660

Medium

6.4/10

Summary

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Affected version in Vault are through 1.14.10, and 1.15.0-rc1 through v1.15.6.

Attack Complexity: HIGH
Attack Vector: ADJACENT_NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-703 - Improper Check or Handling of Exceptional Conditions

The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.

References

Advisory
Advisory
Pull request
Release Note
Issue

Advisory Timeline

Published Apr 04, 2024

Improper Check or Handling of Exceptional Conditions

CVE-2024-2660

Summary

CWE-703 - Improper Check or Handling of Exceptional Conditions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS