PT-2022-23215 · Hashicorp · Hashicorp Vault Enterprise
Published 2022-07-26 · Updated 2024-03-06
CVE-2022-36129
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HashiCorp Vault Enterprise versions 1.7.0 through 1.9.7
HashiCorp Vault Enterprise version 1.10.4
HashiCorp Vault Enterprise version 1.11.0
Description
An unauthenticated API endpoint in HashiCorp Vault Enterprise could be exploited to override the voter status of a node within a Vault HA cluster. This could lead to data loss or catastrophic failure.
Recommendations
For HashiCorp Vault Enterprise versions 1.7.0 through 1.9.7, update to version 1.9.8 or later.
For HashiCorp Vault Enterprise version 1.10.4, update to version 1.10.5 or later.
For HashiCorp Vault Enterprise version 1.11.0, update to version 1.11.1 or later.
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Hashicorp Vault Enterprise