CVE-2021-3282

Improper Authentication in go/github.com/hashicorp/vault

Identifiers

GHSA-rq95-xf66-j689, CVE-2021-3282

Package Slug

go/github.com/hashicorp/vault

Vulnerability

Improper Authentication

Description

HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the remove-peer raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.

Affected Versions

All versions starting from 1.6.0 before 1.6.2

Solution

Upgrade to version 1.6.2 or above.

Last Modified

2024-02-01

source