CVE-2022-25243

Published: 2022-03-10T17:47Z

Last Modified: 2024-11-21T06:51Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt