Fluid Attacks Database

Description

HashiCorp Vault improper configuration of multi factor authentication HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/hashicorp/vault	>=1.10.0 <1.10.3	1.10.3

Aliases

1. CVE-2022-306892. NVD-2022-306893. OSV-2022-306894. GCVE-2022-306895. security.gentoo.org

References

1. https://github.com/hashicorp/vault/commit/15baea5fa3e71c837c33b8bcbd8f06e0fbbc110d2. https://discuss.hashicorp.com3. https://github.com/hashicorp/vault4. https://security.netapp.com/advisory/ntap-20220629-0006

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.