Unrated severityNVD Advisory· Published Mar 7, 2022· Updated Aug 3, 2024
CVE-2022-25244
CVE-2022-25244
Description
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- HashiCorp Vault/Vault Enterprisedescription
- Range: <1.7.10, >=1.8.0 <1.8.9, >=1.9.0 <1.9.4
Patches
Vulnerability mechanics
References
2- discuss.hashicorp.commitrex_refsource_MISC
- discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.