Certificate Revocation List (CRL) Exclusion Vulnerability in HashiCorp Vault
CVE-2021-29653 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1.
Learn more about our Web Application Penetration Testing UK.