CVE-2024-6468: Improper Check or Handling of Exceptional Conditions in Vault

Severity: 7.5 HIGH (NVD)
EPSS: 0.4% (top 39.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 11; latest update Jul 12

Description

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service. While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separa
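The security-relevant detail in the description is where the rejection happens. Under deny_unauthorized a connection from a peer outside proxy_protocol_authorized_addrs must be dropped per connection; if the listener wrapper instead surfaces the rejection as an Accept() error, Go's http.Server.Serve returns and the whole API stops answering, which is exactly the unauthenticated denial of service described. The Go program below is an added illustration of that distinction and is not Vault's code (the page does not show Vault's listener implementation). The ProxyListener, memListener and Drive names, the behaviour constants, and the sample peer addresses (10.0.0.0/8 authorized, 203.0.113.7 unauthorized) are this example's own; the behaviour value names mirror the option values the description mentions, but the semantics here are a deliberate simplification with no PROXY-header parsing.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net"
)

// Behaviour names follow the proxy_protocol_behavior values named in the
// advisory; the logic below is this example's own simplification.
type ProxyBehavior string

const (
	UseAlways        ProxyBehavior = "use_always"
	AllowAuthorized  ProxyBehavior = "allow_authorized"
	DenyUnauthorized ProxyBehavior = "deny_unauthorized"
)

// ProxyListener enforces the source-address policy per connection, never by
// failing the listener itself.
type ProxyListener struct {
	net.Listener
	Behavior   ProxyBehavior
	authorized []*net.IPNet
	Dropped    int // connections rejected so far
}

// NewProxyListener parses the authorized CIDRs (the analogue of
// proxy_protocol_authorized_addrs) up front so a bad entry fails at startup.
func NewProxyListener(inner net.Listener, b ProxyBehavior, cidrs []string) (*ProxyListener, error) {
	l := &ProxyListener{Listener: inner, Behavior: b}
	for _, c := range cidrs {
		_, ipnet, err := net.ParseCIDR(c)
		if err != nil {
			return nil, fmt.Errorf("authorized addr %q: %w", c, err)
		}
		l.authorized = append(l.authorized, ipnet)
	}
	return l, nil
}

// SourceAuthorized checks the real TCP peer address (never an address claimed
// inside a PROXY header) against the authorized list.
func (l *ProxyListener) SourceAuthorized(addr net.Addr) bool {
	tcp, ok := addr.(*net.TCPAddr)
	if !ok {
		return false
	}
	for _, n := range l.authorized {
		if n.Contains(tcp.IP) {
			return true
		}
	}
	return false
}

// Accept returns the next connection that passes the policy. An unauthorized
// peer is closed and skipped. Returning an error here instead would make
// http.Server.Serve return and take the whole API server down, so one
// unauthenticated client could silence the listener: the failure mode the
// advisory describes. Only genuine listener failures are propagated.
func (l *ProxyListener) Accept() (net.Conn, error) {
	for {
		conn, err := l.Listener.Accept()
		if err != nil {
			return nil, err
		}
		if l.Behavior != DenyUnauthorized || l.SourceAuthorized(conn.RemoteAddr()) {
			return conn, nil
		}
		l.Dropped++
		conn.Close()
	}
}

// memListener is a constructed stand-in for a TCP listener: it hands out
// net.Pipe connections with scripted peer addresses so the demo runs offline.
type memListener struct{ peers []net.IP }

type peerConn struct {
	net.Conn
	peer net.IP
}

func (c peerConn) RemoteAddr() net.Addr { return &net.TCPAddr{IP: c.peer, Port: 54321} }

func (m *memListener) Accept() (net.Conn, error) {
	if len(m.peers) == 0 {
		return nil, io.EOF // scripted peers exhausted
	}
	ip := m.peers[0]
	m.peers = m.peers[1:]
	server, client := net.Pipe()
	client.Close() // the demo never sends bytes; only the peer address matters
	return peerConn{Conn: server, peer: ip}, nil
}
func (m *memListener) Close() error   { return nil }
func (m *memListener) Addr() net.Addr { return &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 8200} }

// Drive runs the listener over scripted peers and reports which peers were
// served and how many were dropped. The listener keeps serving after a drop.
func Drive(b ProxyBehavior, cidrs []string, peers []string) ([]string, int, error) {
	ips := make([]net.IP, 0, len(peers))
	for _, p := range peers {
		ips = append(ips, net.ParseIP(p))
	}
	l, err := NewProxyListener(&memListener{peers: ips}, b, cidrs)
	if err != nil {
		return nil, 0, err
	}
	var served []string
	for {
		conn, err := l.Accept()
		if errors.Is(err, io.EOF) {
			return served, l.Dropped, nil
		}
		if err != nil {
			return served, l.Dropped, err
		}
		served = append(served, conn.RemoteAddr().(*net.TCPAddr).IP.String())
		conn.Close()
	}
}

func main() {
	peers := []string{"10.0.0.5", "203.0.113.7", "10.0.0.6"}
	served, dropped, err := Drive(DenyUnauthorized, []string{"10.0.0.0/8"}, peers)
	fmt.Println(served, dropped, err) // [10.0.0.5 10.0.0.6] 1 <nil>
}
```

The check that matters in a review of any such wrapper is the body of Accept: the rejected connection is closed and the loop continues, and the decision is taken on conn.RemoteAddr(), which the client cannot forge, rather than on the source address carried in a PROXY header, which it can.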

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

Source     Package                     Range start  Range end
CVEListV5  hashicorp/vault_enterprise  1.10.0       1.15.11
CVEListV5  hashicorp/vault             1.10.0       1.15.11
NVD        hashicorp/vault             1.10.0       1.15.12 (+2)
Go         github.com/hashicorp/vault  1.10.0       1.16.3 (+3)

Vulnerability Details (3)

OSV   Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions in github.com/hashicorp/vault  (2024-07-12)
GHSA  Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions  (2024-07-11)
OSV   Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions  (2024-07-11)

Vendor Advisories (1)

Red Hat  vault: Denial of Service When Setting a Proxy Protocol Behavior  (2024-07-11)