CVSS 3.1 Score 8.1 of 10 (high)


Published Mar 4, 2024
Updated: Mar 5, 2024
CWE ID 295


CVE-2024-2048 is a vulnerability that affects Vault and Vault Enterprise ("Vault") TLS certificate authentication method. When configured with a non-CA certificate as a trusted certificate, the authentication system does not correctly validate client certificates. This flaw could allow an attacker to create a malicious certificate that bypasses authentication. The issue has been fixed in versions 1.15.5 and 1.14.10 of Vault. The vulnerability has a high base severity score of 8.1, with high impacts on integrity and confidentiality. The exploitability score is 2.2, and the attack vector is through the network. Organizations using affected versions of Vault should update to the fixed versions immediately to mitigate the potential danger posed by this vulnerability (CVE-2024-2048).

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-2048 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options