Tokenization Key Exposure in Vault Enterprise Clusters

Tokenization Key Exposure in Vault Enterprise Clusters

CVE-2022-25244 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.

Learn more about our Web Application Penetration Testing UK.