Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-30689

Опубликовано: 17 мая 2022
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Logging Subsystem for Red Hat OpenShiftopenshift-logging/logging-loki-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/cluster-curator-controller-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/managedcluster-import-controller-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/multiclusterhub-rhel8Not affected
Red Hat OpenShift Container Platform 4openshift4/ose-installerNot affected
Red Hat OpenShift Container Platform 4openshift4/topology-aware-lifecycle-manager-rhel8-operatorNot affected
Red Hat Openshift Container Storage 4ocs4/cephcsi-rhel8Not affected
Red Hat Openshift Container Storage 4ocs4/mcg-rhel8-operatorNot affected
Red Hat Openshift Container Storage 4ocs4/ocs-rhel8-operatorNot affected
Red Hat Openshift Container Storage 4ocs4/rook-ceph-rhel8-operatorNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=2122462vault: incorrect MFA enforcement after server restart

EPSS

Процентиль: 58%
0.0036
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-30689

CVSS3: 5.3
nvd
больше 3 лет назад

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.

github логотип

GHSA-c5wc-v287-82pc

CVSS3: 5.3
github
больше 3 лет назад

HashiCorp Vault improper configuration of multi factor authentication

EPSS

Процентиль: 58%
0.0036
Низкий

5.3 Medium

CVSS3