CVE-2024-7594
CVE-2024-7594 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Vault's SSH secrets engine did not require the valid_principals list to contain a value by default. If neither the valid_principals field of the signing request nor the default_user field of the SSH secrets engine role configuration is set, an SSH certificate requested from Vault's SSH secrets engine by an authorized user is issued with no principals, and a certificate without principals can be used to authenticate as any user on the host. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
Vault's SSH secrets engine did not require the valid_principals list to contain a value by default. If neither the valid_principals field of the signing request nor the default_user field of the SSH secrets engine role configuration is set, an SSH certificate requested from Vault's SSH secrets engine by an authorized user could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hashicorp | Vault | >= 1.7.7, < 1.15.15 |
| Hashicorp | Vault | >= 1.7.7, < 1.17.6 |
| Hashicorp | Vault | >= 1.16.0, < 1.16.10 |
| Hashicorp | Vault | >= 1.17.0, < 1.17.6 |
| Openbao | Openbao | < 2.0.2 |
Source: NVD / NIST
