Unauthenticated API Vulnerability in HashiCorp Vault Enterprise
CVE-2022-36129
9.1CRITICAL
What is CVE-2022-36129?
An unauthenticated API endpoint exists in HashiCorp Vault Enterprise clusters utilizing Integrated Storage, affecting versions 1.7.0 to 1.9.7, 1.10.4, and 1.11.0. This vulnerability enables an attacker to manipulate the voter status of nodes within a high availability (HA) cluster, potentially leading to future data loss or severe operational failures. To mitigate this risk, users are urged to upgrade to Vault Enterprise versions 1.9.8, 1.10.5, or 1.11.1.