CVE-2022-30689

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-30689
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-30689.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-30689
Aliases
Withdrawn
2024-05-08T06:51:56.401544Z
Published
2022-05-17T18:15:08Z
Modified
2024-08-21T15:42:38.208519Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/vault
Events
Introduced
7738ec5d0d6f5bf94a809ee0f6ff0142cfa525a6
Fixed
af866591ee60485f05d6e32dd63dde93df686dfb

Affected versions

v1.*

v1.10.0
v1.10.1
v1.10.2