Upstream information

CVE-2024-2660 at MITRE

Description

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • sops >= 3.9.0-1.1
Patchnames:
openSUSE-Tumbleweed-2024-14104


SUSE Timeline for this CVE

CVE page created: Thu Apr 4 22:00:10 2024
CVE page last modified: Tue Sep 3 19:32:20 2024