GHSA-rq95-xf66-j689: Improper Authentication in HashiCorp Vault

HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.

Severity: High. GitHub Reviewed. Published Jan 31, 2024 to the GitHub Advisory Database.

Related news

Gentoo Linux Security Advisory 202207-01

Gentoo Linux Security Advisory 202207-1 - Multiple vulnerabilities have been discovered in HashiCorp Vault, the worst of which could result in denial of service. Versions less than 1.10.3 are affected.

CVE-2021-3282: HCSEC-2021-04 - Vault Enterprise’s DR Secondaries Allowed Raft Peer Removal Without Authentication

HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.