
{
"id": "CVE-2022-36129",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-07-26T23:15:08.337",
"lastModified": "2024-11-21T07:12:27.497",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1."
},
{
"lang": "es",
"value": "Los cl\u00fasteres de HashiCorp Vault Enterprise 1.7.0 a 1.9.7, 1.10.4 y 1.11.0 que utilizan Integrated Storage exponen un punto final de API no autenticado que podr\u00eda ser abusado para anular el estado de votante de un nodo dentro de un cl\u00faster de Vault HA, introduciendo la posibilidad de una futura p\u00e9rdida de datos o un fallo catastr\u00f3fico. Corregido en Vault Enterprise 1.9.8, 1.10.5 y 1.11.1"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.7.0",
"versionEndIncluding": "1.9.7",
"matchCriteriaId": "C61A9B98-537D-4B3E-B8DB-2B745F194602"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.10.0",
"versionEndIncluding": "1.10.4",
"matchCriteriaId": "8BF15D42-012D-42E2-94A8-41CB79AA1630"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:1.11.0:*:*:*:-:*:*:*",
"matchCriteriaId": "5374E2F4-F912-461D-A59B-1C5D474EB1FB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:1.11.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "DD2B7644-DDE6-46EA-BF39-3DD2087AD9E4"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20220901-0011/",
"source": "cve@mitre.org"
},
{
"url": "https://discuss.hashicorp.com",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://discuss.hashicorp.com/t/hcsec-2022-15-vault-enterprise-does-not-verify-existing-voter-status-when-joining-an-integrated-storage-ha-node/42420",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20220901-0011/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}