CVE-2022-25244: Vault vulnerability

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.3% (percentile: top 48.44%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published Mar 10; latest update Mar 11

Description

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.
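The fix is version-based, so the first thing an operator wants is a reliable check of the running build against the fixed releases. The script below is an added example, not code from the advisory or from HashiCorp. It takes the version string Vault reports (the `version` field of `vault status -format=json`, or a string on the command line), handles the `+ent` / `+ent.hsm` build metadata and `-rc` prerelease forms Vault uses, and tells you whether the build sits in an affected range. The lower bound 1.7.0 comes from the NVD range on this page and the fixed versions from the description; the 1.8.0 and 1.9.0 lower bounds are assumed to be the start of those branches, and the rule that a build without `+ent` is "confirm edition" rather than "affected" is an assumption based on the transform engine being an Enterprise feature.

```python
# Added example (not from the advisory or HashiCorp): decide whether a Vault
# Enterprise build falls in the version ranges affected by CVE-2022-25244.
import json
import re
import sys
from dataclasses import dataclass
from typing import Optional, Tuple

Triple = Tuple[int, int, int]

# (first affected, first fixed) per release branch: inclusive lower bound,
# exclusive upper bound. 1.7.0 is the NVD lower bound; the 1.8.0 and 1.9.0
# lower bounds are ASSUMED branch starts, not stated on the page.
AFFECTED_RANGES: Tuple[Tuple[Triple, Triple], ...] = (
    ((1, 7, 0), (1, 7, 10)),
    ((1, 8, 0), (1, 8, 9)),   # lower bound assumed
    ((1, 9, 0), (1, 9, 4)),   # lower bound assumed
)

# Vault reports versions such as "1.9.3", "1.9.3+ent", "1.9.3+ent.hsm" or
# "1.9.4-rc1+ent": optional "v", three numbers, optional prerelease, optional build metadata.
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+([0-9A-Za-z.-]+))?$"
)


@dataclass(frozen=True)
class Assessment:
    version: str
    enterprise: bool          # "+ent" build metadata present
    in_affected_range: bool   # version number inside an affected branch range
    fixed_in: Optional[str]   # first fixed release on that branch, if any

    @property
    def affected(self) -> bool:
        # Assumption: only Enterprise builds carry the transform secrets engine,
        # so an in-range build without "+ent" is reported as "confirm edition".
        return self.enterprise and self.in_affected_range


def parse_version(version: str) -> Tuple[Triple, Optional[str], Optional[str]]:
    """Split a Vault version string into ((major, minor, patch), prerelease, build)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Vault version string: {version!r}")
    triple = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    return triple, m.group(4), m.group(5)


def _sort_key(triple: Triple, prerelease: Optional[str]) -> Tuple[int, int, int, int]:
    # A prerelease (1.9.4-rc1) sorts before its release (1.9.4), so it is still
    # below the fixed version and therefore still counts as affected.
    return triple + (0 if prerelease else 1,)


def assess(version: str) -> Assessment:
    """Classify one Vault version string against the affected ranges."""
    triple, prerelease, build = parse_version(version)
    key = _sort_key(triple, prerelease)
    enterprise = bool(build) and build.split(".")[0] == "ent"
    for low, high in AFFECTED_RANGES:
        if low + (0,) <= key < high + (1,):
            return Assessment(version, enterprise, True, ".".join(map(str, high)))
    return Assessment(version, enterprise, False, None)


def version_from_status_json(text: str) -> str:
    """Pull the version out of `vault status -format=json` output (its "version" field)."""
    return json.loads(text)["version"]


if __name__ == "__main__":
    # Usage:  python check_cve_2022_25244.py 1.9.3+ent
    #     or: vault status -format=json | python check_cve_2022_25244.py
    raw = sys.argv[1] if len(sys.argv) > 1 else version_from_status_json(sys.stdin.read())
    a = assess(raw)
    if a.affected:
        print(f"{a.version}: AFFECTED by CVE-2022-25244, upgrade to {a.fixed_in}+ent or later")
    elif a.in_affected_range:
        print(f"{a.version}: version in affected range but no +ent build tag; confirm edition")
    else:
        print(f"{a.version}: not in an affected range")
```

Note the two edge cases the range check has to get right: `1.9.4-rc1+ent` is below the fixed release and is still flagged, and `1.9.4+ent` itself is the first clean build on that branch. Versions outside all three branches (below 1.7.0, or 1.10 and later) are reported as not in range, which only means the page lists no affected range for them.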

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

The vector matches the description: the issue is reachable over the network by an authenticated caller holding read permission on the endpoint (PR:L, UI:N), and the impact is disclosure of the tokenization key alone (C:H with no integrity or availability impact), which yields the 6.5 medium score.

Affected Packages (1 package)

Source: NVD
Package: hashicorp/vault
Range: 1.7.0 up to the fix in 1.7.10, plus 2 further ranges not expanded on this page (the description gives the corresponding fixes as 1.8.9 and 1.9.4)

Vulnerability Details (1)

GHSA (2022-03-11): GHSA-39h9-wph4-gf9p: Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint

Vendor Advisories (1)

Red Hat (2022-03-10): vault: Vault Enterprise’s Tokenization Transform Configuration Endpoint May Expose Transform Key