CVE-2024-2048
Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.
El método de autenticación de certificados TLS de Vault y Vault Enterprise (“Vault”) no validaba correctamente los certificados de cliente cuando se configuraba con un certificado que no era CA como certificado confiable. En esta configuración, un atacante puede crear un certificado malicioso que podría usarse para eludir la autenticación. Corregido en Vault 1.15.5 y 1.14.10.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-03-01 CVE Reserved
- 2024-03-04 CVE Published
- 2024-03-05 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
- CAPEC-115: Authentication Bypass
References (2)
| URL | Tag | Source |
|---|---|---|
| https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382 | ||
| https://security.netapp.com/advisory/ntap-20240524-0009 |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| HashiCorp Search vendor "HashiCorp" | Vault Search vendor "HashiCorp" for product "Vault" | >= 1.15.5 < 1.16.0 Search vendor "HashiCorp" for product "Vault" and version " >= 1.15.5 < 1.16.0" | en |
Affected
| ||||||
| HashiCorp Search vendor "HashiCorp" | Vault Enterprise Search vendor "HashiCorp" for product "Vault Enterprise" | >= 1.15.5 < 1.16.0 Search vendor "HashiCorp" for product "Vault Enterprise" and version " >= 1.15.5 < 1.16.0" | en |
Affected
| ||||||