Improper authentication in Vault and Vault Enterprise - CVE-2024-7594

 

Improper authentication in Vault and Vault Enterprise - CVE-2024-7594

Published: September 27, 2024


Vulnerability identifier: #VU97751
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-7594
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: HashiCorp
Affected software:
Vault
Vault Enterprise

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host.


How to mitigate CVE-2024-7594

Install updates from vendor's website.

Sources