{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T00:28:31.241","vulnerabilities":[{"cve":{"id":"CVE-2024-2048","sourceIdentifier":"security@hashicorp.com","published":"2024-03-04T20:15:50.690","lastModified":"2025-11-13T17:51:43.380","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10."},{"lang":"es","value":"El método de autenticación de certificados TLS de Vault y Vault Enterprise (“Vault”) no validaba correctamente los certificados de cliente cuando se configuraba con un certificado que no era CA como certificado confiable. En esta configuración, un atacante puede crear un certificado malicioso que podría usarse para eludir la autenticación. Corregido en Vault 1.15.5 y 1.14.10."}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*","versionEndExcluding":"1.14.10","matchCriteriaId":"A6C6635E-C667-4498-9EA2-A0CB55D12792"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"1.14.10","matchCriteriaId":"30AF0CCD-381E-430A-8AA0-0D8BA5D2C15E"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*","versionStartIncluding":"1.15.0","versionEndExcluding":"1.15.5","matchCriteriaId":"07DC1E7F-7803-4CB4-AA42-2781E3F1E612"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.15.0","versionEndExcluding":"1.15.5","matchCriteriaId":"B92203A3-1C92-430B-8008-A4FC4745DEEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbao:openbao:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.0","matchCriteriaId":"F5D539A5-4DBC-45DC-BEAB-FCDE4DD61384"}]}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382","source":"security@hashicorp.com","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240524-0009/","source":"security@hashicorp.com","tags":["Third Party Advisory"]},{"url":"https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240524-0009/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}