Headline
CVE-2021-3282: HCSEC-2021-04 - Vault Enterprise’s DR Secondaries Allowed Raft Peer Removal Without Authentication
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the remove-peer
raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
Loading
Related news
GHSA-rq95-xf66-j689: Improper Authentication in HashiCorp Vault
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
Gentoo Linux Security Advisory 202207-01
Gentoo Linux Security Advisory 202207-1 - Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service. Versions less than 1.10.3 are affected.