CVE-2022-30689
Published 2022-05-17
Priority P4 · 26 · medium · 5.3 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS: 1.10% (61.6th percentile)
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 1.10.0 < 1.10.3 | 1.10.3 |
| hashicorp | vault | >= 1.10.0 < 1.10.3 | 1.10.3 |
CVSS provenance
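| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_redhat | | 5.3 | MEDIUM | |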
OSV
HashiCorp Vault improper configuration of multi factor authentication in github.com/hashicorp/vault
osv·2024-08-21
CVE-2022-30689 HashiCorp Vault improper configuration of multi factor authentication in github.com/hashicorp/vault
OSV
HashiCorp Vault improper configuration of multi factor authentication
osv·2022-05-18
CVE-2022-30689 [MEDIUM] HashiCorp Vault improper configuration of multi factor authentication
GHSA
HashiCorp Vault improper configuration of multi factor authentication
ghsa·2022-05-18
CVE-2022-30689 [MEDIUM] HashiCorp Vault improper configuration of multi factor authentication
Red Hat
vault: incorrect MFA enforcement after server restart
vendor_redhat·2022-05-17·CVSS 5.3
CVE-2022-30689 [MEDIUM] vault: incorrect MFA enforcement after server restart
Package: openshift-logging/logging-loki-rhel9 (Logging Subsystem for Red Hat OpenShift) - Not affected
Package: rhacm2/cluster-curator-controller-rhel8 (Red Hat Advanced Cluster Management for Kubernetes 2) - Not affected
Package: rhacm2/managedcluster-import-controller-rhel8 (Red Hat Advanced Cluster Management for Kubernetes 2) - Not affected
Package: rhacm2/multiclusterhub-rhel8 (Red Hat Advanced Cluster Management for Kubernetes 2) - Not
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.