CVE-2022-25243
Published 2022-03-10
Priority P4 · 32 · CVSS 3.1 score 6.5 (medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.55% (41.7th percentile)
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4."
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hashicorp | vault | >= 1.8.0 < 1.8.9 | 1.8.9 |
| hashicorp | vault | >= 1.9.0 < 1.9.4 | 1.9.4 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | 2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| vendor_redhat | | 6.5 | MEDIUM | |
Red Hat
vault: PKI Secrets Engine Policy Results In Incorrect Wildcard Certificate Issuance
vendor_redhat · 2022-03-10 · CVSS 6.5 (MEDIUM) · CWE-285
A flaw was found in HashiCorp Vault and Vault Enterprise. This flaw allows a remote, authenticated attacker to bypass security restrictions caused by a flaw related to the PKI secrets engine under certain configurations. An attacker can issue wildcard certificates to authorized users for a specified domain by sending a specially crafted request.
Package: openshift4/ose-installer (Red Hat OpenShift Con
GHSA
GHSA-p3j9-qwh2-784j
ghsa_unreviewed · 2022-03-11 · MEDIUM · CWE-295
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://discuss.hashicorp.com
- https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600
- https://security.gentoo.org/glsa/202207-01
Published 2022-03-10