6 matches found
CVE-2022-25244
A flaw was found in HashiCorp Vault Enterprise. This flaw allows a remote, authenticated attacker to obtain sensitive information caused by a vulnerability in the tokenization transform feature. A remote attacker can obtain the tokenization key by sending a specially-crafted request...
CVE-2022-25244
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...
CVE-2022-25244
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...
Code injection
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...
CVE-2022-25244
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10...
PT-2022-17175 · Hashicorp · Vault Enterprise
Name of the Vulnerable Software and Affected Versions: Vault Enterprise versions prior to 1.7.10 Vault Enterprise versions prior to 1.8.9 Vault Enterprise versions prior to 1.9.4 Description: The issue affects Vault Enterprise clusters that use the tokenization transform feature, potentially...