SB2022080439 - Gentoo update for HashiCorp Vault

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022080439

SB2022080439 - Gentoo update for HashiCorp Vault

Published: August 4, 2022

Security Bulletin ID SB2022080439
Severity
High
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 8% Medium 69% Low 23%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2020-25594)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests.


2) Improper access control (CVE-ID: CVE-2021-27668)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and read Vault licenses from DR Secondaries.


3) Input validation error (CVE-ID: CVE-2021-3024)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests.


4) Improper Authentication (CVE-ID: CVE-2021-3282)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the application allows the `remove-peer` raft operator command to be executed against DR secondaries without authentication.


5) Insufficient Session Expiration (CVE-ID: CVE-2021-32923)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to application allows the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. A remote non-authenticated attacker can obtain or guess session token and gain unauthorized access to session that belongs to another user.


6) Improper Authentication (CVE-ID: CVE-2021-37219)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can use a specially crafted raft requests to bypass authentication process and gain unauthorized access to the application.


7) Security features bypass (CVE-ID: CVE-2021-38553)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an excessively broad filesystem permissions flaw when initialized an underlying database file associated with the Integrated Storage feature. A remote attacker can bypass security features to launch further attacks on the system. 


8) Information disclosure (CVE-ID: CVE-2021-38554)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the cache of user-viewed secrets between sessions in a single shared browser. A local user can gain unauthorized access to sensitive information on the system.


9) Incorrect permission assignment for critical resource (CVE-ID: CVE-2021-41802)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to incorrect permissions assignment. A remote user with write permission to an entity alias ID can share a mount accessor with another user to acquire this other user’s policies by merging their identities.


10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-43998)

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to templated ACL policies always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination. A remote user can trigger incorrect policy enforcement.


11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-45042)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly impose security restrictions in clusters using the Integrated Storage backend. A remote user with write permissions to a kv secrets engine can cause a panic and denial of service of the storage backend.


12) Improper Certificate Validation (CVE-ID: CVE-2022-25243)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to software allows the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. A remote user can bypass implemented security restriction and issue wildcard certificates.


13) Security features bypass (CVE-ID: CVE-2022-30689)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to application does not correctly configure and enforce MFA on login after server restarts. A remote attacker can bypass MFA policy and gain unauthorized access to the application.


Remediation

Install update from vendor's website.

References