CVE-2023-24999

Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation

CVSS 4.4 MEDIUMEPSS 0.6%CWE-863

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Affected products

HashiCorp · Vault HashiCorp · Vault Enterprise

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305 https://security.netapp.com/advisory/ntap-20230505-0001/