Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2022-25244

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with read permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.

  • Published: Mar 10, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-25244
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
hashicorp / vault 1.9.0 1.9.4
hashicorp / vault 1.8.0 1.8.9
hashicorp / vault 1.7.0 1.7.10