BIT-vault-2022-41316

BIT-vault-2022-41316 PUBLISHED CVSS 5.300000190734863 MEDIUM

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products

Vendor	Product	Versions
Bitnami	vault	0, 1.10.0, 1.11.0

Timeline

Mar 6, 2024 CVE Published
Apr 3, 2025 CVE Updated

References

https://discuss.hashicorp.com url
https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483 url
https://security.netapp.com/advisory/ntap-20221201-0001/ url
https://nvd.nist.gov/vuln/detail/CVE-2022-41316 url

Open in Interactive Console →