Vault Enterprise’s DR Secondaries Allowed Raft Peer Removal Without Authentication
Summary Vault Enterprise 1.6.0 and 1.6.1 allowed the remove-peer raft operator command to be executed against DR secondaries without authentication. This vulnerability, CVE-2021-3282, was fixed in Vault Enterprise 1.6.2. Background Vault Enterprise clusters configured with integrated storage also...