CVE-2022-41316
published 2022-10-12

CVE-2022-41316: HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on…

Priority: P4, 26
Severity: medium, 5.3 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.40% (31.4th percentile)

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 0 < 1.9.10 | 1.9.10 |
| github.com | hashicorp_vault | >= 1.10.0 < 1.10.7 | 1.10.7 |
| github.com | hashicorp_vault | >= 1.11.0 < 1.11.4 | 1.11.4 |
| hashicorp | vault | < 1.9.10 | 1.9.10 |
| hashicorp | vault | >= 1.10.0 < 1.10.7 | 1.10.7 |
| hashicorp | vault | >= 1.11.0 < 1.11.4 | 1.11.4 |

CVSS provenance

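| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| vendor_redhat | | 5.3 | MEDIUM | |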