CVE-2021-27400
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.14%
Description
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1.
How to fix CVE-2021-27400
To remediate CVE-2021-27400, upgrade the affected package to a fixed version below.
- Bitnami/vault: upgrade to 1.6.4 or later on the 1.6 line, or to 1.7.1 or later (1.7.0 is in the affected range)
Is CVE-2021-27400 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 0, < 1.6.4
- >= 1.7.0, < 1.7.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |