CVE-2022-30689
Summary
| CVE | CVE-2022-30689 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-17 18:15:00 UTC |
| Updated | 2022-12-22 20:23:00 UTC |
| Description | HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2022-30689 HashiCorp Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| HashiCorp Discuss | MISC | discuss.hashicorp.com | |
| HashiCorp Vault: Multiple Vulnerabilities (GLSA 202207-01) — Gentoo security | GENTOO | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710575 Gentoo Linux HashiCorp Vault Multiple Vulnerabilities (GLSA 202207-01)