CVE-2024-7594 — Incorrect Permission Assignment in Vault Enterprise

CWE-732 — Incorrect Permission Assignment5 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.6%

top 30.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hashicorp Vault Enterprise Github.com Hashicorp Vault Github.com Openbao Openbao +2 more

Timeline

PublishedSep 26

Latest updateOct 9

Description

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5hashicorp/vault_enterprise1.7.7 — 1.17.6

▶NVDhashicorp/vault1.7.7 — 1.15.15+3

▶Gogithub.com/hashicorp_vault1.7.7 — 1.17.6

▶NVDopenbao/openbao< 2.0.2

▶Gogithub.com/openbao_openbao< 0.0.0-20241003222810-d5b4e9224698+1

🔴Vulnerability Details

OSV

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault↗2024-10-09

▶

OSV

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default↗2024-09-26

▶

GHSA

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default↗2024-09-26

▶

📋Vendor Advisories

Red Hat

hashicorp/vault: Vault SSH secrets engine configuration did not restrict valid principals by default↗2024-09-26

▶