CVE-2022-41316

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-41316

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41316.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-41316

Aliases

Related

CGA-48rq-33h6-6xw7

Published

2022-10-12T21:15:09.857Z

Modified

2026-02-03T08:03:09.466182Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/vault
Events: Fixed

8efbff550621e280f8a052bacd2327385dbcd877

Introduced

ea296ccf58507b25051bc0597379c467046eb2f1

Fixed

b47a9e72942719f217f7750df18be36ec21dfc0e

Introduced

7738ec5d0d6f5bf94a809ee0f6ff0142cfa525a6

Fixed

f7968a9e62f03dc52ef961ac4b8d7d7e40d48aa0

Affected versions

v1.*

v1.10.0

v1.10.1

v1.10.2

v1.10.3

v1.10.4

v1.10.5

v1.10.6

v1.11.0

v1.11.1

v1.11.2

v1.11.3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41316.json"