HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the remove-peer
raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
{ "cpes": [ "cpe:2.3:a:hashicorp:vault:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:hashicorp:vault:1.6.1:*:*:*:*:*:*:*" ], "severity": "High" }