CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-30689

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.1%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://discuss.hashicorp.com
https://security.gentoo.org/glsa/202207-01
https://security.netapp.com/advisory/ntap-20220629-0006/
https://discuss.hashicorp.com
https://security.gentoo.org/glsa/202207-01
https://security.netapp.com/advisory/ntap-20220629-0006/

Products affected by CVE-2022-30689

Hashicorp » Vault » Version: 1.10.0

cpe:2.3:a:hashicorp:vault:1.10.0
Hashicorp » Vault » Version: 1.10.2

cpe:2.3:a:hashicorp:vault:1.10.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-30689

Products

Pricing

Contact Us