Code injection

2022-03-1017:47:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

28.6%

JSON

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.

CPENameOperatorVersion
vaultge1.9.0
vaultlt1.9.4
vaultge1.8.0
vaultlt1.8.9
vaultge1.7.0
vaultlt1.7.10

Name	Operator	Version
vault	ge	1.9.0
vault	lt	1.9.4
vault	ge	1.8.0
vault	lt	1.8.9
vault	ge	1.7.0
vault	lt	1.7.10

References

discuss.hashicorp.com

discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599

0.001 Low

EPSS

Percentile

28.6%

JSON

Related for PRION:CVE-2022-25244