"Vault and Vault Enterprise 1.8.0 up to and including 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hashicorp vault |