CVE-2022-25244

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-25244

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25244.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-25244

Aliases

BIT-vault-2022-25244

Published

2022-03-10T17:47:06Z

Modified

2025-02-19T03:23:53.202089Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/vault
Events: Introduced

4e222b85c40a810b74400ee3c54449479e32bb9f

Fixed

d149271cc3442ccf8b1b46ceda157421a822fb44

Affected versions

api/v1.*

api/v1.1.0

sdk/v0.*

sdk/v0.2.0

v1.*

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9