Main Vulnerability Database Vulnerabilities #VU97751

#VU97751 Improper authentication in Vault and Vault Enterprise - CVE-2024-7594

Published: September 27, 2024

Vulnerability identifier: #VU97751

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-7594

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Vault
Vault Enterprise

Software vendor:
HashiCorp

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host.

Remediation

Install updates from vendor's website.

External links

https://discuss.hashicorp.com/t/hcsec-2024-20-vault-ssh-secrets-engine-configuration-did-not-restrict-valid-principals-by-default/70251

#VU97751 Improper authentication in Vault and Vault Enterprise - CVE-2024-7594

Description

Remediation

External links

Please verify you're human