CVE-2024-7594
Published 2024-09-26
Priority P3 · 49 · high · 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS 0.27% (18.6th percentile)
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.
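The advisory above turns on one field of the issued certificate: its valid principals list. OpenSSH treats a user certificate with an empty principals list as valid for any account on the host (unless sshd narrows this with AuthorizedPrincipalsFile), so an audit of certificates signed by a Vault SSH CA comes down to reading that field. The following is an added defender-side check, not code from the advisory, Vault or OpenBao: it decodes the OpenSSH certificate wire format far enough to extract the principals and flags an empty list. The sample certificate is constructed inline with dummy key and signature bytes, so only the field layout is exercised, not signature validity.

```python
import base64
import struct

def _s(b: bytes) -> bytes:
    """Encode an SSH wire-format string: uint32 big-endian length, then bytes."""
    return struct.pack(">I", len(b)) + b

def _read(buf: bytes, off: int):
    """Decode one SSH string at offset; return (payload, offset after it)."""
    n, = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def build_cert(principals, key_id=b"vault-ssh-demo") -> str:
    """Constructed ssh-ed25519 user certificate line (dummy key and signature bytes,
    not a Vault-issued cert); only the field layout matters for the check below."""
    body = _s(b"ssh-ed25519-cert-v01@openssh.com")
    body += _s(b"\x00" * 32)                          # nonce
    body += _s(b"\x11" * 32)                          # ed25519 public key (dummy)
    body += struct.pack(">QI", 1, 1)                  # serial, type 1 = user cert
    body += _s(key_id)
    body += _s(b"".join(_s(p) for p in principals))  # valid principals (list of strings)
    body += struct.pack(">QQ", 0, 2**64 - 1)          # valid_after, valid_before
    body += _s(b"") + _s(b"") + _s(b"")               # critical options, extensions, reserved
    body += _s(_s(b"ssh-ed25519") + _s(b"\x22" * 32)) # CA signature key (dummy)
    body += _s(_s(b"ssh-ed25519") + _s(b"\x33" * 64)) # signature (dummy)
    return "ssh-ed25519-cert-v01@openssh.com " + base64.b64encode(body).decode()

def principals_of(cert_line: str) -> list:
    """Return the valid principals of an ssh-ed25519 certificate line (no signature check)."""
    blob = base64.b64decode(cert_line.split()[1])
    kind, off = _read(blob, 0)
    if kind != b"ssh-ed25519-cert-v01@openssh.com":
        raise ValueError("unsupported certificate type: %r" % kind)
    _, off = _read(blob, off)        # nonce
    _, off = _read(blob, off)        # public key
    off += 8 + 4                     # serial (uint64) + type (uint32)
    _, off = _read(blob, off)        # key id
    packed, _ = _read(blob, off)     # valid principals field
    names, p = [], 0
    while p < len(packed):
        name, p = _read(packed, p)
        names.append(name.decode())
    return names

def accepted_for_any_user(cert_line: str) -> bool:
    """True when the principals list is empty: OpenSSH then treats the certificate as
    valid for any user unless sshd restricts principals via AuthorizedPrincipalsFile."""
    return principals_of(cert_line) == []
```

Run principals_of over the certificate lines Vault returns from its sign endpoint; any certificate for which accepted_for_any_user is true was issued by a role whose default_user and requested valid_principals were both empty, which is the configuration the advisory describes.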
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 1.7.7 < 1.17.6 | 1.17.6 |
| github.com | openbao_openbao | >= 0 < 0.0.0-20241003222810-d5b4e9224698 | 0.0.0-20241003222810-d5b4e9224698 |
| github.com | openbao_openbao | >= 0.1.0 | — |
| hashicorp | vault | >= 1.16.0 < 1.16.10 | 1.16.10 |
| hashicorp | vault | >= 1.17.0 < 1.17.6 | 1.17.6 |
| hashicorp | vault | >= 1.7.7 < 1.15.15 | 1.15.15 |
| hashicorp | vault | >= 1.7.7 < 1.17.6 | 1.17.6 |
| hashicorp | vault_enterprise | >= 1.7.7 < 1.17.6 | 1.17.6 |
| openbao | openbao | < 2.0.2 | 2.0.2 |
CVSS provenance
NVD (CVSS v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Red Hat (vendor): 7.5 HIGH
OSV
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default in github.com/hashicorp/vault
osv · 2024-10-09 · CVE-2024-7594
OSV
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
osv · 2024-09-26 · CVE-2024-7594 [HIGH]
GHSA
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
ghsa · 2024-09-26 · CVE-2024-7594 [HIGH] · CWE-732
Red Hat
hashicorp/vault: Vault SSH secrets engine configuration did not restrict valid principals by default
vendor_redhat · 2024-09-26 · CVE-2024-7594 [HIGH] · CWE-732 · CVSS 7.5
A flaw was found in Hashicorp Vault. Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requeste
No detection rules found.
No public exploits indexed.