-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/hashicorp/vault | go | >= 1.0, < 1.5.4 | 1.5.4 |
GoGoMiggo AIRoot Cause AnalysisThe vulnerability stems from incorrect tracking of Raft applied indices and delayed processing of lease expiration logs. The commit f192878 shows:- raft.go's AppliedIndex() was changed from using raft.AppliedIndex() to FSM's LatestState(), indicating the original implementation didn't properly account for FSM processing lag.- fsm.go's ApplyBatch handles log application with potential delays (applyDelay field), which could delay critical lease expiration updates. These functions directly control how lease expiration state is persisted and tracked in Raft storage.
Ongoing coverage of React2Shell