In HashiCorp Vault and Vault Enterprise prior to 1.7.7, 1.8.x prior to 1.8.6, and 1.9.x prior to 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hashicorp vault 1.9.0 |
||
hashicorp vault |