HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hashicorp vault 1.6.0 |
||
hashicorp vault 1.6.1 |