CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-41316 – vault: insufficient certificate revocation list checking
https://notcve.org/view.php?id=CVE-2022-41316
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10. El método de autenticación de certificados TLS de HashiCorp Vault y Vault Enterprise no cargaba inicialmente la CRL configurada opcionalmente y emitida por la CA del rol en la memoria al iniciarse, resultando en que no se comprobara la lista de revocación si la CRL aún no era recuperada. Corregido en versiones 1.12.0, 1.11.4, 1.10.7 y 1.9.10 A flaw was found in HashiCorp Vault and Vault Enterprise. Vault’s TLS certificate auth method did not initially load the optionally-configured CRL issued by the role’s Certificate Authority (CA) into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. • https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483 https://security.netapp.com/advisory/ntap-20221201-0001 https://access.redhat.com/security/cve/CVE-2022-41316 https://bugzilla.redhat.com/show_bug.cgi?id=2135339 • CWE-295: Improper Certificate Validation •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-40186 – vault: Vault Entity Alias Metadata May Leak Between Aliases With The Same Name Assigned To The Same Entity
https://notcve.org/view.php?id=CVE-2022-40186
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault. Se ha detectado un problema en HashiCorp Vault y Vault Enterprise versiones anteriores a 1.11.3. Se ha encontrado una vulnerabilidad en el Motor de Identidades por la que, en una implementación en la que una entidad presenta varios accesos de montaje con nombres de alias compartidos, Vault puede sobrescribir los metadatos en el alias incorrecto debido a un problema de comprobación del alias correcto asignado a una entidad. • https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-18-vault-entity-alias-metadata-may-leak-between-aliases-with-the-same-name-assigned-to-the-same-entity/44550 https://security.netapp.com/advisory/ntap-20221111-0008 https://access.redhat.com/security/cve/CVE-2022-40186 https://bugzilla.redhat.com/show_bug.cgi?id=2181405 •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-36129
https://notcve.org/view.php?id=CVE-2022-36129
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1. Los clústeres de HashiCorp Vault Enterprise 1.7.0 a 1.9.7, 1.10.4 y 1.11.0 que utilizan Integrated Storage exponen un punto final de API no autenticado que podría ser abusado para anular el estado de votante de un nodo dentro de un clúster de Vault HA, introduciendo la posibilidad de una futura pérdida de datos o un fallo catastrófico. Corregido en Vault Enterprise 1.9.8, 1.10.5 y 1.11.1 • https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420 https://security.netapp.com/advisory/ntap-20220901-0011 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-25243
https://notcve.org/view.php?id=CVE-2022-25243
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4. Vault y Vault Enterprise versiones 1.8.0 a 1.8.8, y 1.9.3, permitían que el motor de secretos PKI, bajo determinadas configuraciones, emitiera certificados comodín a usuarios autorizados para un dominio especificado, incluso si el atributo de la política de rol PKI allow_subdomains está establecido en falso. Corregido en Vault Enterprise versiones 1.8.9 y 1.9.4 • https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600 https://security.gentoo.org/glsa/202207-01 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-25244
https://notcve.org/view.php?id=CVE-2022-25244
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10. Los clústeres de Vault Enterprise usando la funcionalidad tokenization transform pueden exponer la clave de tokenización mediante el endpoint de configuración de la clave de tokenización a operadores autorizados con permisos "read" en este endpoint. Corregido en Vault Enterprise versiones 1.9.4, 1.8.9 y 1.7.10 • https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599 •