Improper access control in Vault and Vault Enterprise - CVE-2023-24999

Published: March 11, 2023


Vulnerability identifier: #VU73246
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-24999
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Vault
Vault Enterprise
Software vendor:
HashiCorp

Description

The vulnerability allows a remote user to perform a denial of service attack.

The vulnerability exists due to the way the application handles authentication based on AppRole SecretIDs. A remote user with access to the "/auth/approle/role/:role_name/secret-id-accessor/destroy" endpoint can destroy the SecretID of any other role by providing that SecretID's accessor, thereby disabling access to Vault for the users that depend on it.
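Added example, not part of this advisory or of HashiCorp's code: a small Python scanner over Vault file-audit-device entries that lists every request to the SecretID-accessor destroy endpoint by role and caller, and flags callers that destroyed SecretIDs under more than one role. The sample log lines are constructed; the audit field names used (request.path, request.operation, auth.display_name, request.remote_address) follow the file audit device's request-entry layout, and the "more than one role per caller" heuristic is an assumption of this example, not something the advisory states.

```python
import json
import re
from collections import defaultdict

# Constructed sample Vault audit-log lines (file audit device, one JSON object
# per line). Field names follow the device's request-entry layout; every value
# below is made up for this example.
SAMPLE_AUDIT_LINES = [
    '{"time":"2023-03-01T10:00:00Z","type":"request","auth":{"display_name":"token-ci-deployer","policies":["default","ci-approle-admin"]},"request":{"operation":"update","path":"auth/approle/role/ci-deployer/secret-id-accessor/destroy","remote_address":"10.0.0.5"}}',
    '{"time":"2023-03-01T10:00:05Z","type":"request","auth":{"display_name":"token-ci-deployer","policies":["default","ci-approle-admin"]},"request":{"operation":"update","path":"auth/approle/role/payments-service/secret-id-accessor/destroy","remote_address":"10.0.0.5"}}',
    '{"time":"2023-03-01T10:00:06Z","type":"request","auth":{"display_name":"token-ci-deployer","policies":["default","ci-approle-admin"]},"request":{"operation":"update","path":"auth/approle/role/billing-service/secret-id-accessor/destroy","remote_address":"10.0.0.5"}}',
    '{"time":"2023-03-01T10:01:00Z","type":"request","auth":{"display_name":"token-platform-admin","policies":["default","approle-admin"]},"request":{"operation":"read","path":"auth/approle/role/payments-service/role-id","remote_address":"10.0.0.9"}}',
    '{"time":"2023-03-01T10:02:00Z","type":"response","auth":{"display_name":"token-ci-deployer"},"request":{"operation":"update","path":"auth/approle/role/ci-deployer/secret-id-accessor/destroy","remote_address":"10.0.0.5"}}',
]

# The endpoint named in the advisory; audit entries record the path without a
# leading slash, so the slash is optional here.
DESTROY_PATH = re.compile(
    r"^/?auth/approle/role/(?P<role>[^/]+)/secret-id-accessor/destroy$"
)


def parse_destroy_requests(lines):
    """Return one record per request entry that targets the SecretID-accessor destroy endpoint."""
    hits = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or garbled lines instead of aborting the scan
        if entry.get("type") != "request":
            continue  # response entries repeat the request; count each call once
        req = entry.get("request", {})
        m = DESTROY_PATH.match(req.get("path", ""))
        if not m or req.get("operation") != "update":
            continue
        hits.append({
            "time": entry.get("time"),
            "role": m.group("role"),
            "caller": entry.get("auth", {}).get("display_name", "<unknown>"),
            "remote_address": req.get("remote_address"),
        })
    return hits


def callers_touching_multiple_roles(hits):
    """Heuristic (assumption of this example): one identity destroying SecretIDs
    under several different roles is unusual, because the operator of an AppRole
    normally only revokes SecretIDs belonging to that same role."""
    roles_by_caller = defaultdict(set)
    for h in hits:
        roles_by_caller[h["caller"]].add(h["role"])
    return {
        caller: sorted(roles)
        for caller, roles in roles_by_caller.items()
        if len(roles) > 1
    }


if __name__ == "__main__":
    found = parse_destroy_requests(SAMPLE_AUDIT_LINES)
    for h in found:
        print(f'{h["time"]} {h["caller"]} destroyed a SecretID under role '
              f'{h["role"]} from {h["remote_address"]}')
    for caller, roles in callers_touching_multiple_roles(found).items():
        print(f"ALERT: {caller} destroyed SecretIDs under {len(roles)} roles: "
              f"{', '.join(roles)}")
```

Run it against a real audit file by replacing SAMPLE_AUDIT_LINES with the file's lines; on the constructed input it lists three destroy calls and raises one alert for the caller that hit three different roles. Patching to the vendor's fixed release remains the actual remediation; this scan only helps review what happened on an unpatched cluster.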

Remediation

Install updates from the vendor's website.

External links