CVE-2022-30689

medium

Description

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.

References

https://security.netapp.com/advisory/ntap-20220629-0006/

https://security.gentoo.org/glsa/202207-01

https://discuss.hashicorp.com

Details

Source: Mitre, NVD

Published: 2022-05-17

Updated: 2022-12-22

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium