BIT-VAULT-2021-27668

HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3...

CVE-2021-3282

A flaw was found in HashiCorp Vault Enterprise. This flaw allows a remote attacker to bypass security restrictions caused by a vulnerability in the DR secondaries. An attacker can execute the remove-peer raft operator command without authentication by sending a specially-crafted request...

PT-2021-17594 · Hashicorp · Hashicorp Vault Enterprise

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault Enterprise versions 0.9.2 through 1.6.2 Description: The issue allows the read of license metadata from DR secondaries without authentication. Recommendations: For HashiCorp Vault Enterprise versions 0.9.2 through 1.6.2, updat...

vault -- unauthenticated license read

vault developers report: Limited Unauthenticated License Read: We addressed a security vulnerability that allowed for the unauthenticated reading of Vault licenses from DR Secondaries...

Authentication flaw

HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the remove-peer raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2...

CVE-2021-3282

HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the remove-peer raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2...