BIT-vault-2022-25244

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/vault/BIT-vault-2022-25244.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-vault-2022-25244
Aliases
Published
2024-03-06T11:10:08.366Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.

References

Affected packages

Bitnami / vault

Package

Name
vault
Purl
pkg:bitnami/vault

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
1.7.0
Fixed
1.7.10
Introduced
1.8.0
Fixed
1.8.9
Introduced
1.9.0
Fixed
1.9.4