Wildcard Certificate Issuance Vulnerability in Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3

Wildcard Certificate Issuance Vulnerability in Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3

CVE-2022-25243 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.

Learn more about our User Device Pen Test.