GHSA-rq95-xf66-j689, CVE-2021-3282
go/github.com/hashicorp/vault
Improper Authentication
HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the remove-peer
raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
All versions starting from 1.6.0 before 1.6.2
Upgrade to version 1.6.2 or above.
2024-02-01
source |