HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-07-26T22:21:51
Updated: 2024-08-03T10:00:01.365Z
Reserved: 2022-07-18T00:00:00
Link: CVE-2022-36129
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-07-26T23:15:08.337
Modified: 2024-11-21T07:12:27.497
Link: CVE-2022-36129
Redhat