Описание
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.10.0 (включая) до 1.10.3 (исключая)Версия от 1.10.0 (включая) до 1.10.3 (исключая)
Одно из
cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 58%
0.0036
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
redhat
больше 3 лет назад
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
CVSS3: 5.3
github
больше 3 лет назад
HashiCorp Vault improper configuration of multi factor authentication
EPSS
Процентиль: 58%
0.0036
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
NVD-CWE-noinfo