Incorrect Permission Assignment for Critical Resource

CVE-2024-7594

High

8.8/10

Summary

Vault's SSH secrets engine did not require the "valid_principals" list to contain a value by default. If the "valid_principals", and "default_user" fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault's SSH secrets engine could be used to authenticate as any user on the host. This vulnerability affects github.com/hashicorp/vault package versions 1.7.7 through 1.17.5, and 1.18.0-rc1. This vulnerability fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-732 - Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

Advisory Timeline

Published Sep 26, 2024

Incorrect Permission Assignment for Critical Resource

CVE-2024-7594

Summary

CWE-732 - Incorrect Permission Assignment for Critical Resource

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS