CVE-2023-24999 – Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation
https://notcve.org/view.php?id=CVE-2023-24999
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.

A flaw was found in HashiCorp Vault. When using the Vault and Vault Enterprise approle auth method, any authenticated user with access to the /auth/approle/role/:role_name/secret-id-accessor/destroy endpoint can destroy the secret ID of another role by providing the secret ID accessor.

https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305
https://security.netapp.com/advisory/ntap-20230505-0001
https://access.redhat.com/security/cve/CVE-2023-24999
https://bugzilla.redhat.com/show_bug.cgi?id=2177844
CWE-863: Incorrect Authorization
CVE-2022-41316 – vault: insufficient certificate revocation list checking
https://notcve.org/view.php?id=CVE-2022-41316
HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10.

A flaw was found in HashiCorp Vault and Vault Enterprise. Vault’s TLS certificate auth method did not initially load the optionally-configured CRL issued by the role’s Certificate Authority (CA) into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved.

https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-24-vaults-tls-cert-auth-method-only-loaded-crl-after-first-request/45483
https://security.netapp.com/advisory/ntap-20221201-0001
https://access.redhat.com/security/cve/CVE-2022-41316
https://bugzilla.redhat.com/show_bug.cgi?id=2135339
CWE-295: Improper Certificate Validation
CVE-2021-43998 – vault: incorrect policy enforcement
https://notcve.org/view.php?id=CVE-2021-43998
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.

A flaw was found in HashiCorp Vault. In affected versions of HashiCorp Vault and Vault Enterprise, templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement.

https://discuss.hashicorp.com/t/hcsec-2021-30-vaults-templated-acl-policies-matched-first-created-alias-per-entity-and-auth-backend/32132
https://security.gentoo.org/glsa/202207-01
https://access.redhat.com/security/cve/CVE-2021-43998
https://bugzilla.redhat.com/show_bug.cgi?id=2028193
CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2021-41802
https://notcve.org/view.php?id=CVE-2021-41802
HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policies by merging their identities. Fixed in Vault and Vault Enterprise 1.7.5 and 1.8.4.

https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation
https://security.gentoo.org/glsa/202207-01
CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2021-27668
https://notcve.org/view.php?id=CVE-2021-27668
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondaries without authentication. Fixed in 1.6.3.

https://discuss.hashicorp.com/t/hcsec-2021-05-vault-enterprise-s-dr-secondaries-exposed-license-metadata-without-authentication/21427
https://security.gentoo.org/glsa/202207-01
CWE-306: Missing Authentication for Critical Function