CVE-2023-24999

HashiCorp Vault and Vault Enterprises approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
HashiCorpCNA
4.4 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
hashicorpvault
𝑥
< 1.10.11
hashicorpvault
𝑥
< 1.10.11
hashicorpvault
1.11.0 ≤
𝑥
< 1.11.8
hashicorpvault
1.11.0 ≤
𝑥
< 1.11.8
hashicorpvault
1.12.0 ≤
𝑥
< 1.12.4
hashicorpvault
1.12.0 ≤
𝑥
< 1.12.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305
https://security.netapp.com/advisory/ntap-20230505-0001/
https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305
https://security.netapp.com/advisory/ntap-20230505-0001/