CVE-2023-24999
Published 2023-03-11
CVE-2023-24999: HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID…
Priority: P343 · Severity: high · CVSS 3.1 base score: 8.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.60% (44.0th percentile)
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
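To make the failure mode concrete, here is an added toy model of the approle SecretID store, written for this page and not taken from Vault's source. The pre-fix destroy handler resolves the accessor and deletes whatever it points to; the fixed handler first checks that the SecretID was issued for the role named in the request path. The store type, the two destroy functions, the role names and the accessor and SecretID values are all constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Toy model of approle SecretID storage for this page. It is not Vault's
// code; approleStore and the two destroy functions exist only to contrast
// the pre-fix and fixed behaviour described in the advisory.

type secretIDEntry struct {
	Role     string // role the SecretID was issued for
	Accessor string // opaque handle that references the SecretID without exposing it
}

type approleStore struct {
	hmacKey    []byte
	byHMAC     map[string]*secretIDEntry // HMAC(secretID) -> entry
	byAccessor map[string]string         // accessor -> HMAC(secretID)
}

func newStore(hmacKey []byte) *approleStore {
	return &approleStore{
		hmacKey:    hmacKey,
		byHMAC:     map[string]*secretIDEntry{},
		byAccessor: map[string]string{},
	}
}

// hmacOf keeps SecretIDs out of storage: only the keyed hash is stored and
// login recomputes it from the presented value.
func (s *approleStore) hmacOf(secretID string) string {
	m := hmac.New(sha256.New, s.hmacKey)
	m.Write([]byte(secretID))
	return hex.EncodeToString(m.Sum(nil))
}

// issue records a SecretID for role under the given accessor.
func (s *approleStore) issue(role, secretID, accessor string) {
	h := s.hmacOf(secretID)
	s.byHMAC[h] = &secretIDEntry{Role: role, Accessor: accessor}
	s.byAccessor[accessor] = h
}

// login succeeds only while the SecretID's hash is still stored for role.
func (s *approleStore) login(role, secretID string) bool {
	e, ok := s.byHMAC[s.hmacOf(secretID)]
	return ok && e.Role == role
}

var errAccessorNotFound = errors.New("invalid secret ID accessor")

// destroyVulnerable mirrors the pre-fix behaviour: the accessor is resolved
// and the SecretID deleted, but nothing compares the entry's role with
// roleName, the role taken from the request path.
func (s *approleStore) destroyVulnerable(roleName, accessor string) error {
	h, ok := s.byAccessor[accessor]
	if !ok {
		return errAccessorNotFound
	}
	delete(s.byHMAC, h)
	delete(s.byAccessor, accessor)
	return nil
}

// destroyFixed adds the ownership check: the entry must have been issued for
// roleName. The rejection reuses the not-found error so the endpoint cannot
// be used to confirm that an accessor exists under some other role.
func (s *approleStore) destroyFixed(roleName, accessor string) error {
	h, ok := s.byAccessor[accessor]
	if !ok {
		return errAccessorNotFound
	}
	if e := s.byHMAC[h]; e == nil || e.Role != roleName {
		return errAccessorNotFound
	}
	delete(s.byHMAC, h)
	delete(s.byAccessor, accessor)
	return nil
}

// scenario issues a SecretID for role "payments", then has a caller whose
// policy only covers the destroy endpoint of role "ci-runner" submit the
// payments accessor there. It returns whether the payments SecretID still
// logs in afterwards and the error the destroy call produced. All values
// are constructed for this example.
func scenario(fixed bool) (stillValid bool, destroyErr error) {
	s := newStore([]byte("example-hmac-key"))
	const paymentsSecretID = "2f9e4c2a-payments-secret-id"
	const paymentsAccessor = "accessor-7d3b"
	s.issue("payments", paymentsSecretID, paymentsAccessor)

	if fixed {
		destroyErr = s.destroyFixed("ci-runner", paymentsAccessor)
	} else {
		destroyErr = s.destroyVulnerable("ci-runner", paymentsAccessor)
	}
	return s.login("payments", paymentsSecretID), destroyErr
}

func main() {
	for _, fixed := range []bool{false, true} {
		valid, err := scenario(fixed)
		fmt.Printf("fixed=%v destroyErr=%v paymentsSecretIDStillValid=%v\n", fixed, err, valid)
	}
}
```

The precondition is the one the advisory states: the caller holds a token with update capability on `auth/approle/role/<some-role>/secret-id-accessor/destroy` for any role at all, and before the fix the role segment of that path was never compared with the owner of the accessor. Until an upgrade lands, the only control is to keep that path out of broadly held policies, since a successful call is a denial of service against whichever workload depends on the destroyed SecretID.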
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 0 < 1.10.11 | 1.10.11 |
| github.com | hashicorp_vault | >= 1.11.0 < 1.11.8 | 1.11.8 |
| github.com | hashicorp_vault | >= 1.12.0 < 1.12.4 | 1.12.4 |
| hashicorp | vault | < 1.10.11 | 1.10.11 |
| hashicorp | vault | >= 1.11.0 < 1.11.8 | 1.11.8 |
| hashicorp | vault | >= 1.12.0 < 1.12.4 | 1.12.4 |
| hashicorp | vault_enterprise | < 1.10.11 | 1.10.11 |
| hashicorp | vault_enterprise | >= 1.11.0 < 1.11.8 | 1.11.8 |
| hashicorp | vault_enterprise | >= 1.12.0 < 1.12.4 | 1.12.4 |
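An added version check against the ranges in the table above, written for this page and not a HashiCorp tool. It accepts the string `vault version` prints or the `version` field of `sys/health`, drops the Enterprise `+ent` build metadata and any pre-release tag, and applies the three fixed-in boundaries (1.10.11, 1.11.8, 1.12.4; 1.13.0 and later are fixed). The sample inputs in `main` are constructed, not output from a real cluster.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// vaultVersion is major.minor.patch as printed by `vault version`. The "+ent"
// metadata of Vault Enterprise and pre-release tags are dropped before
// comparison because the advisory's ranges are plain release numbers.
type vaultVersion struct{ major, minor, patch int }

func parseVaultVersion(s string) (vaultVersion, error) {
	s = strings.TrimSpace(strings.TrimPrefix(s, "v"))
	// Cut at build metadata, pre-release tag, or the "(sha), built ..." tail.
	if i := strings.IndexAny(s, " +-("); i >= 0 {
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return vaultVersion{}, fmt.Errorf("unrecognised Vault version %q", s)
	}
	var n [3]int
	for i, p := range parts {
		v, err := strconv.Atoi(p)
		if err != nil || v < 0 {
			return vaultVersion{}, fmt.Errorf("unrecognised Vault version %q", s)
		}
		n[i] = v
	}
	return vaultVersion{n[0], n[1], n[2]}, nil
}

func (v vaultVersion) less(o vaultVersion) bool {
	if v.major != o.major {
		return v.major < o.major
	}
	if v.minor != o.minor {
		return v.minor < o.minor
	}
	return v.patch < o.patch
}

// fixedIn lists the first fixed release of each affected minor line from the
// advisory. Every earlier release in that line is affected; the 1.10.11 entry
// also covers everything older than 1.11.0, matching the "< 1.10.11" range.
var fixedIn = []vaultVersion{{1, 10, 11}, {1, 11, 8}, {1, 12, 4}}

func isVulnerableToCVE202324999(v vaultVersion) bool {
	for _, f := range fixedIn {
		lineEnd := vaultVersion{f.major, f.minor + 1, 0}
		if v.less(lineEnd) {
			return v.less(f)
		}
	}
	return false // 1.13.0 and later
}

// checkVaultVersion is the entry point: pass the `vault version` output line or
// the "version" value from /v1/sys/health.
func checkVaultVersion(s string) (bool, error) {
	v, err := parseVaultVersion(strings.TrimPrefix(strings.TrimSpace(s), "Vault "))
	if err != nil {
		return false, err
	}
	return isVulnerableToCVE202324999(v), nil
}

func main() {
	// Constructed sample inputs.
	for _, s := range []string{"Vault v1.12.3+ent (deadbeef), built 2023-02-01", "1.12.4", "1.11.8", "1.10.10", "1.13.0"} {
		vuln, err := checkVaultVersion(s)
		fmt.Printf("%-48s vulnerable=%v err=%v\n", s, vuln, err)
	}
}
```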
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
| ghsa | | 8.1 | HIGH | |
| osv | | 8.1 | HIGH | |
| vendor_redhat | | 4.4 | MEDIUM | |
OSV · 2024-08-20
CVE-2023-24999: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault
OSV · 2023-07-06 · CVSS 8.1 (HIGH)
CVE-2023-24999: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
When using the Vault and Vault Enterprise (Vault) approle auth method, any authenticated user with access to the `/auth/approle/role/:role_name/secret-id-accessor/destroy` endpoint can destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability, CVE-2023-24999, has been fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
GHSA · 2023-07-06 · CVSS 8.1 (HIGH)
CVE-2023-24999: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
Red Hat · 2023-03-10 · CVSS 4.4 (MEDIUM) · CWE-863
CVE-2023-24999: Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
A flaw was found in the Hashicorp vault. When using the Vault and Vault Enterprise approle auth method, any authenticated user with access to the `/auth/approle/role/:role_name/secret-id-accessor/destroy` endpoint can destroy the secret ID of another role by providing the secret ID accessor.
Package: openshift-logging/logging-loki-rhel9 (Logging Subsystem for Red Hat OpenShift) - Not affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305
https://security.netapp.com/advisory/ntap-20230505-0001/
Published: 2023-03-11