CVE Vulnerabilities

CVE-2022-25244

Published: Mar 10, 2022 | Modified: Mar 18, 2022
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.

Affected Software

Name Vendor Start Version End Version
Vault Hashicorp 1.7.0 *
Vault Hashicorp 1.8.0 *
Vault Hashicorp 1.9.0 *

References