Home > Vulnerability Database > CVE-2022-41316

Mend.io Vulnerability Database

CVE-2022-41316

Good to know:

Date: October 11, 2022

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.

Language: Go

Severity Score

5.3

Related Resources (7)

Url: https://github.com/advisories/GHSA-9mh8-9j64-443f

Url: https://discuss.hashicorp.com

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-41316

Url: https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483

Url: https://github.com/hashicorp/vault

Url: https://security.netapp.com/advisory/ntap-20221201-0001/

Url: https://www.mend.io/vulnerability-database/CVE-2022-41316

Severity Score

5.3

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

Top Fix

Upgrade Version

Upgrade to version v1.9.10,v1.10.7,v1.11.4,v1.12.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-41316

Good to know:

Date: October 11, 2022

Language: Go

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?