CVE-2022-25244

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...

PT-2022-17175 · Hashicorp · Vault Enterprise

Name of the Vulnerable Software and Affected Versions: Vault Enterprise versions prior to 1.7.10 Vault Enterprise versions prior to 1.8.9 Vault Enterprise versions prior to 1.9.4 Description: The issue affects Vault Enterprise clusters that use the tokenization transform feature, potentially...