CVE-2024-7594
published 2024-09-26


Priority: P349
Severity: high (CVSS 3.1 base score 8.8)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.27% (18.6th percentile)
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

Affected

9 ranges

Vendor        Product              Version range                                   Fixed in
github.com    hashicorp_vault      >= 1.7.7 < 1.17.6                               1.17.6
github.com    openbao_openbao      >= 0 < 0.0.0-20241003222810-d5b4e9224698        0.0.0-20241003222810-d5b4e9224698
github.com    openbao_openbao      >= 0.1.0                                        (none listed)
hashicorp     vault                >= 1.16.0 < 1.16.10                             1.16.10
hashicorp     vault                >= 1.17.0 < 1.17.6                              1.17.6
hashicorp     vault                >= 1.7.7 < 1.15.15                              1.15.15
hashicorp     vault                >= 1.7.7 < 1.17.6                               1.17.6
hashicorp     vault_enterprise     >= 1.7.7 < 1.17.6                               1.17.6
openbao       openbao              < 2.0.2                                         2.0.2

CVSS provenance

Source         Version   Score   Severity   Vector
nvd            v3.1      8.8     HIGH       CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat  v3.1      7.5     HIGH       (vector not listed)