Skip to content

x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-c5wc-v287-82pc #590

New issue
New issue
Closed
Closed
x/vulndb: potential Go vuln in github.com/hashicorp/vault: GHSA-c5wc-v287-82pc#590
Assignees
julieqiu
Labels
excluded: NOT_IMPORTABLEThis vulnerability only exists in a binary and is not importable.
@julieqiu

Description

@julieqiu
julieqiu
opened on Aug 1, 2022

In GitHub Security Advisory GHSA-c5wc-v287-82pc, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/hashicorp/vault 1.10.3 >= 1.10.0, < 1.10.3

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/hashicorp/vault
    versions:
      - introduced: 1.10.0
        fixed: 1.10.3
description: HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly
    configure and enforce MFA on login after server restarts. This affects the Login
    MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect
    the separate Enterprise MFA feature set. Fixed in 1.10.3.
published: 2022-05-18T00:00:32Z
last_modified: 2022-07-05T18:02:31Z
cves:
  - CVE-2022-30689
ghsas:
  - GHSA-c5wc-v287-82pc
links:
    context:
      - https://github.com/advisories/GHSA-c5wc-v287-82pc

Metadata

Metadata

Assignees

Labels

excluded: NOT_IMPORTABLEThis vulnerability only exists in a binary and is not importable.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions