HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
References
Link | Resource |
---|---|
https://discuss.hashicorp.com | Vendor Advisory |
https://security.gentoo.org/glsa/202207-01 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220629-0006/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-05-17T17:23:05
Updated: 2022-08-01T20:07:32
Reserved: 2022-05-13T00:00:00
Link: CVE-2022-30689
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-05-17T18:15:08.777
Modified: 2022-12-22T20:23:43.740
Link: CVE-2022-30689
JSON object: View
Redhat Information
No data.
CWE