CVE-2023-24999

EUVD-2023-2168
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
HashiCorpCNA
4.4 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
hashicorpvault
𝑥
< 1.10.11
hashicorpvault
𝑥
< 1.10.11
hashicorpvault
1.11.0 ≤
𝑥
< 1.11.8
hashicorpvault
1.11.0 ≤
𝑥
< 1.11.8
hashicorpvault
1.12.0 ≤
𝑥
< 1.12.4
hashicorpvault
1.12.0 ≤
𝑥
< 1.12.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305
https://security.netapp.com/advisory/ntap-20230505-0001/
https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305
https://security.netapp.com/advisory/ntap-20230505-0001/