---

CVE-2021-3282 - log back

CVE-2021-3282 edited at 01 Feb 2021 18:26:37
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Authentication bypass
Description	+ HashiCorp Vault Enterprise 1.6.0 and 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. This is fixed in version 1.6.2.
References	+ https://discuss.hashicorp.com/t/hcsec-2021-04-vault-enterprise-s-dr-secondaries-allowed-raft-peer-removal-without-authentication/20337

CVE-2021-3282 created at 01 Feb 2021 18:20:24
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes