CVE-2023-24999Incorrect Authorization in Vault Enterprise

CWE-863Incorrect Authorization5 documents4 sources
Severity
8.1HIGHNVD
EPSS
0.1%
top 68.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Hashicorp Vault EnterpriseGithub.com Hashicorp VaultHashicorp Vault
Timeline
PublishedMar 11
Latest updateAug 20

Description

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

NVDhashicorp/vault1.11.01.11.8+2
CVEListV5hashicorp/vault_enterprise1.12.01.12.4+2
Gogithub.com/hashicorp_vault1.11.01.11.8+2

🔴Vulnerability Details

3
OSV
Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault2024-08-20
OSV
Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation2023-07-06
GHSA
Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation2023-07-06

📋Vendor Advisories

1
Red Hat
Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation2023-03-10