TLS Certificate Validation Bypass in HashiCorp Vault and Vault Enterprise Cassandra Integrations
CVE-2021-27400 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1
Learn more about our Cis Benchmark Audit For Apache Cassandra.