
CVE-2021-3282: Improper Authentication in HashiCorp Vault

CVSS Score: 7.5 (CVSS v3.1)

Basic Information

EPSS Score: 0.4979%
Published: 1/31/2024
Updated: 1/31/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name: github.com/hashicorp/vault
Ecosystem: go
Vulnerable Versions: >= 1.6.0, < 1.6.2
First Patched Version: 1.6.2

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from the raftStoragePaths endpoint configuration in logical_system_raft.go. The commit diff shows that the operation handler for 'remove-peer' was changed from wrapHandleRaftRemovePeer(b) to b.verifyDROperationToken(b.handleRaftRemovePeerUpdate(), false). This indicates that the original implementation (via wrapHandleRaftRemovePeer) did not include the verifyDROperationToken authentication check. The vulnerable handleRaftRemovePeerUpdate function was therefore reachable through this unauthenticated path in affected versions, specifically on DR secondaries, where authentication should be required for raft operator commands.

WAF Protection Rules

WAF Rule

HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.