Security Advisory

CVE-2022-36129

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-07-26 22:21:51

Last updated 2024-08-03 10:00:01

Assigner mitre

State PUBLISHED

Description

HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.

← Browse all CVEs View on cve.org ↗