CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2022-36129

CVSS 9.1v3.1pub. 2022-07-26upd. 2024-11-21

HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Hashicorp Vault

    APP
    Hashicorp
    1.11.01.7.0 – 1.9.71.10.0 – 1.10.4
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-6000CRITICAL9.1PL ✓ten sam produkt

HashiCorp Vault: RCE przez uprzywilejowanego operatora via sys/audit

CVE-2022-40186CRITICAL9.1ten sam produkt

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity...

CVE-2020-35192CRITICAL9.8ten sam produkt

The official vault docker images before 0.11.6 contain a blank password for a root user. System using the vaul...

CVE-2020-12757CRITICAL9.8ten sam produkt

HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorre...

CVE-2020-10661CRITICAL9.1ten sam produkt

HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have exis...