4 matches found
EUVD-2024-0421
Malicious code in bioql PyPI...
CVE-2021-3282
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the remove-peer raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2...
HashiCorp Vault Enterprise 授权问题漏洞
HashiCorp Vault is a private key access management tool from HashiCorp USA. An unauthorized access vulnerability exists in HashiCorp Vault Enterprise versions 1.6.0 and 1.6.1 that allows execution of the remove-peer raft operator command on the disaster recovery side without authentication. No...
Vault Enterprise’s DR Secondaries Allowed Raft Peer Removal Without Authentication
Summary Vault Enterprise 1.6.0 and 1.6.1 allowed the remove-peer raft operator command to be executed against DR secondaries without authentication. This vulnerability, CVE-2021-3282, was fixed in Vault Enterprise 1.6.2. Background Vault Enterprise clusters configured with integrated storage also...