Denial of service in HashiCorp Vault



Published: 2023-03-11
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2023-24999
CWE-ID CWE-284
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Vault
Web applications / Modules and components for CMS

Vault Enterprise
Web applications / Modules and components for CMS

Vendor HashiCorp

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper access control

EUVDB-ID: #VU73246

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-24999

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to the way the application handles authentication based on Approle SecretID. A remote user with access to the "/auth/approle/role/:role_name/secret-id-accessor/destroy" endpoint can destroy the secret ID of any other role by providing the secret ID accessor and disable access to Vault for other users.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Vault: 1.0.0 - 1.12.3

Vault Enterprise: 1.0.0 - 1.12.3

External links

http://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###