CVE-2024-5798Improper Authentication in Vault

CWE-287Improper AuthenticationCWE-285Improper AuthorizationCWE-416Use After Free6 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 54.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Hashicorp VaultHashicorp Vault EnterpriseGithub.com Hashicorp Vault
Timeline
PublishedJun 12
Latest updateJul 1

Description

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected. This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5hashicorp/vault_enterprise0.11.01.16.2
CVEListV5hashicorp/vault0.11.01.16.2
NVDhashicorp/vault0.11.01.15.9+1
Gogithub.com/hashicorp_vault1.17.0-rc11.17.0+3

🔴Vulnerability Details

3
OSV
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault2024-07-01
OSV
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims2024-06-12
GHSA
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims2024-06-12

📋Vendor Advisories

1
Red Hat
github.com/hashicorp/vault: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault2024-06-12