Back to bug 2189761
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-04-26 05:27:42 UTC | CC | amctagga, jcantril, mrajanna, muagarwa, nbecker, ocs-bugs, periklis, tnielsen | |
| Product Security DevOps Team | 2023-04-26 12:12:53 UTC | Resolution | --- | NOTABUG |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-04-26 12:12:53 UTC | |||
| Avinash Hanwate | 2023-07-11 06:39:52 UTC | Doc Text | HashiCorp Vault Enterprise could allow a remote attacker to bypass security restrictions, caused by a flaw in the DR secondaries. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute `remove-peer` raft operator command without authentication. | |
| RaTasha Tillery-Smith | 2023-07-11 14:07:20 UTC | Doc Text | HashiCorp Vault Enterprise could allow a remote attacker to bypass security restrictions, caused by a flaw in the DR secondaries. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute `remove-peer` raft operator command without authentication. | A flaw was found in HashiCorp Vault Enterprise. This flaw allows a remote attacker to bypass security restrictions caused by a vulnerability in the DR secondaries. An attacker can execute the `remove-peer` raft operator command without authentication by sending a specially-crafted request. |
Back to bug 2189761