CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2048 – Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates
https://notcve.org/view.php?id=CVE-2024-2048
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10. El método de autenticación de certificados TLS de Vault y Vault Enterprise (“Vault”) no validaba correctamente los certificados de cliente cuando se configuraba con un certificado que no era CA como certificado confiable. En esta configuración, un atacante puede crear un certificado malicioso que podría usarse para eludir la autenticación. • https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382 https://security.netapp.com/advisory/ntap-20240524-0009 • CWE-295: Improper Certificate Validation •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2024-1329 – Nomad Vulnerable to Arbitrary Write Through Symlink Attack
https://notcve.org/view.php?id=CVE-2024-1329
HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14. HashiCorp Nomad y Nomad Enterprise 1.5.13 hasta 1.6.6 y 1.7.3 el renderizador de plantillas es vulnerable a la escritura de archivos arbitrarios en el host como usuario del cliente Nomad a través de ataques de enlaces simbólicos. Corregido en Nomad 1.7.4, 1.6.7, 1.5.14. • https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1052 – Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
https://notcve.org/view.php?id=CVE-2024-1052
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application. Boundary and Boundary Enterprise (“Boundary”) es vulnerable al secuestro de sesión mediante la manipulación del certificado TLS. Un atacante con privilegios para enumerar sesiones activas o pendientes, obtener una clave privada perteneciente a una sesión y obtener un token de confianza en el primer uso (TOFU) válido puede manipular un certificado TLS para secuestrar una sesión activa y obtener acceso al servicio subyacente o solicitud. • https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-0831 – Vault May Expose Sensitive Information When Configuring An Audit Log Device
https://notcve.org/view.php?id=CVE-2024-0831
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`. Vault y Vault Enterprise (“Vault”) pueden exponer información confidencial al habilitar un dispositivo de auditoría que especifica la opción `log_raw`, que puede registrar información confidencial en otros dispositivos de auditoría, independientemente de si están configurados para usar `log_raw`. • https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311 https://security.netapp.com/advisory/ntap-20240223-0005 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-6337 – Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
https://notcve.org/view.php?id=CVE-2023-6337
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12. HashiCorp Vault y Vault Enterprise 1.12.0 y versiones posteriores son vulnerables a una denegación de servicio debido al agotamiento de la memoria del host cuando se manejan grandes solicitudes HTTP autenticadas y no autenticadas de un cliente. Vault intentará asignar la solicitud a la memoria, lo que provocará que se agote la memoria disponible en el host, lo que puede provocar que Vault falle. Corregido en Vault 1.15.4, 1.14.8, 1.13.12. • https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741 https://security.netapp.com/advisory/ntap-20240112-0006 • CWE-770: Allocation of Resources Without Limits or Throttling •