Vulnerability identifier: #VU68254

Vulnerability risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41316

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Vault
Web applications / Modules and components for CMS
Vault Enterprise
Web applications / Modules and components for CMS

Vendor: HashiCorp

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the Certificate Revocation Lists (CRLs) implementation, which prevented Vault from denying access to users with revoked certificates without application reboot. As a result, when using TLS certificate authentication, Vault did not correctly perform CRL revocation checks if login occurred between Vault startup (or invalidation) and a manual retrieval of the CRL, allowing users to continue using the application with revoked certificates.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Vault: 1.11.0 - 1.11.3, 1.10.0 - 1.10.6, 1.9.0 - 1.9.9

Vault Enterprise: 1.11.0 - 1.11.3, 1.10.0 - 1.10.6, 1.9.0 - 1.9.9

---

External links
http://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.