CVE-2022-25244 — Vulnetix

CVE-2022-25244 PUBLISHED

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.

EPSS 0.27% · 50.5th percentile

Risk Scores

EPSS Score

0.27%

50.5th percentile

Affected Products

Vendor	Product	Versions
Bitnami	vault	1.9.0, 1.8.0, 1.7.0
Bitnami	vault	1.7.0, 1.9.0, 1.8.0

Timeline

Mar 7, 2022 CVE Published
Mar 8, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 19, 2022 EPSS Score
Aug 10, 2022 EPSS Score
Oct 1, 2022 EPSS Score
Jan 11, 2023 EPSS Score
Mar 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 24, 2023 EPSS Score
Jun 15, 2023 EPSS Score
Aug 5, 2023 EPSS Score

References

https://discuss.hashicorp.com url
https://discuss.hashicorp.com/t/hcsec-2022-08-vault-enterprise-s-tokenization-transform-configuration-endpoint-may-expose-transform-key/36599 url
https://nvd.nist.gov/vuln/detail/CVE-2022-25244 url

Open in Interactive Console →