Severity: 9.8 CRITICAL (NVD)
EPSS: 0.3% (top 51.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 4; Latest update Oct 21

Description

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (7 packages)

Source    | Package                       | Versions
CVEListV5 | hashicorp/vault_enterprise    | 1.15.5, 1.16.0
CVEListV5 | hashicorp/vault               | 1.15.5, 1.16.0
NVD       | hashicorp/vault               | 1.15.0 to 1.15.5 (+1)
Go        | github.com/hashicorp_vault    | 1.15.0 to 1.15.5 (+1)
NVD       | openbao/openbao               | < 2.0.0

Vulnerability Details (5)

OSV: CVE-2024-26713: In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add When a PCI devi (2024-04-03)
OSV: Authentication bypass in github.com/hashicorp/vault (2024-03-14)
GHSA: JWCrypto vulnerable to JWT bomb Attack in `deserialize` function (2024-03-06)
GHSA: Incorrect TLS certificate auth method in Vault (2024-03-04)
OSV: Incorrect TLS certificate auth method in Vault (2024-03-04)

Vendor Advisories (4)

Red Hat: kernel: block: fix integer overflow in BLKSECDISCARD (2024-10-21)
Red Hat: kernel: powerpc/pseries: Whitelist dtl slub object for copying to userspace (2024-07-29)
Red Hat: kernel: media: dvb-frontends: avoid stack overflow warnings with clang (2024-05-01)
Red Hat: hashicorp/vault: Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates (2024-03-04)