cvedb.io
CVE-2022-41316
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2022-10-12T21:15:09.857 · Last modified 2026-06-17T05:03:00.610

Summary

HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.

Affected products

hashicorp — vault

Does this affect you?

Add your gear to cvedb and we'll alert you only when hashicorp ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.