0.001 Low
EPSS
Percentile
38.3%
vault is vulnerable to privilege escalation. The vulnerability exists due to the allowing of the the remove-peer raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
remove-peer
discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337
secdb.alpinelinux.org/edge/community.yaml