HashiCorp Vault Ent <1.9.8 Unauth API Allows Voter Override
CVE-2022-36129 Published on July 26, 2022

HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1.

NVD

Products Associated with CVE-2022-36129

Want to know whenever a new CVE is published for HashiCorp Vault? stack.watch will email you.

HashiCorp Vault

Exploit Probability

EPSS

1.20%

Percentile

78.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

HashiCorp Vault Ent <1.9.8 Unauth API Allows Voter OverrideCVE-2022-36129 Published on July 26, 2022

Products Associated with CVE-2022-36129

Exploit Probability

HashiCorp Vault Ent <1.9.8 Unauth API Allows Voter Override
CVE-2022-36129 Published on July 26, 2022