Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If neither the valid_principals field of the sign request nor the default_user field of the SSH secrets engine role is set, Vault signs a certificate whose principals list is empty, and OpenSSH treats a user certificate with no principals as valid for any account on the host. Any client authorized only to request certificates from that role could therefore authenticate as any user, root included, on every host that trusts the CA. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.
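The following is an added example, not code from HashiCorp or from this page, showing the two things a practitioner wants here: the pre-fix principal-selection logic as the advisory describes it (request valid_principals, then the role's default_user, otherwise nothing), and a parser for the OpenSSH certificate wire format that flags a user certificate with an empty principals list. The role field names (key_type, allow_user_certificates, allowed_users, default_user, ttl) and the sign-request field valid_principals are the Vault SSH secrets engine's own; the certificate fixture is constructed in-process with random key bytes and an empty signature so it runs offline and cannot be used to log in.

```python
"""Principal check for OpenSSH certificates, the condition behind CVE-2024-7594.

Added example, not HashiCorp or OpenSSH code. The pre-fix fallback logic is
modelled from the advisory text; the certificate fixture is constructed here
(random key bytes, empty signature) so the script runs offline.
"""
import base64
import os
import struct


# ---- SSH wire-format helpers (RFC 4251 string / uint32 / uint64) ----
def _string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _u32(n: int) -> bytes:
    return struct.pack(">I", n)


def _u64(n: int) -> bytes:
    return struct.pack(">Q", n)


class _Reader:
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def u32(self) -> int:
        (v,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return v

    def u64(self) -> int:
        (v,) = struct.unpack_from(">Q", self.data, self.pos)
        self.pos += 8
        return v

    def string(self) -> bytes:
        n = self.u32()
        v = self.data[self.pos:self.pos + n]
        self.pos += n
        return v


CERT_TYPE = "ssh-ed25519-cert-v01@openssh.com"


def parse_cert(cert_line: str) -> dict:
    """Decode the public fields of an ed25519 OpenSSH certificate line
    (the content of id_ed25519-cert.pub). The signature is not verified;
    this is an inspection tool, not an authenticator."""
    key_type, b64, *_ = cert_line.split()
    if key_type != CERT_TYPE:
        raise ValueError(f"unsupported certificate type {key_type}")
    r = _Reader(base64.b64decode(b64))
    if r.string().decode() != CERT_TYPE:
        raise ValueError("blob type does not match line type")
    r.string()                       # nonce
    r.string()                       # ed25519 public key
    serial = r.u64()
    cert_kind = r.u32()              # 1 = user certificate, 2 = host certificate
    key_id = r.string().decode()
    principals_blob = _Reader(r.string())
    principals = []
    while principals_blob.pos < len(principals_blob.data):
        principals.append(principals_blob.string().decode())
    valid_after, valid_before = r.u64(), r.u64()
    return {"serial": serial, "user_cert": cert_kind == 1, "key_id": key_id,
            "principals": principals, "valid_after": valid_after,
            "valid_before": valid_before}


def is_any_user_cert(cert_line: str) -> bool:
    """True for a user certificate with no principals: sshd accepts such a
    certificate for any account unless AuthorizedPrincipalsFile pins names."""
    c = parse_cert(cert_line)
    return c["user_cert"] and not c["principals"]


def principals_issued(role: dict, sign_request: dict) -> list:
    """Pre-1.17.6 Vault behaviour as the advisory describes it: principals come
    from the sign request's valid_principals, falling back to the role's
    default_user; when both are empty an empty list is signed."""
    requested = [p for p in sign_request.get("valid_principals", "").split(",") if p]
    if requested:
        return requested
    return [role["default_user"]] if role.get("default_user") else []


def build_unsigned_cert(key_id: str, principals: list) -> str:
    """Constructed fixture: user cert with dummy key material and an empty
    signature, laid out exactly as ssh-ed25519-cert-v01@openssh.com."""
    body = (_string(CERT_TYPE.encode()) + _string(os.urandom(32)) + _string(os.urandom(32))
            + _u64(1) + _u32(1) + _string(key_id.encode())
            + _string(b"".join(_string(p.encode()) for p in principals))
            + _u64(0) + _u64(2**64 - 1)
            + _string(b"") + _string(b"") + _string(b"")   # critical opts, extensions, reserved
            + _string(b"") + _string(b""))                 # signature key, signature
    return f"{CERT_TYPE} {base64.b64encode(body).decode()} {key_id}"


# Role bodies as written to ssh/roles/<name>. The weak one leaves default_user
# unset and trusts callers to pass valid_principals; the hardened one always
# yields at least one principal.
WEAK_ROLE = {"key_type": "ca", "allow_user_certificates": True,
             "allowed_users": "*", "ttl": "30m"}
HARDENED_ROLE = {"key_type": "ca", "allow_user_certificates": True,
                 "allowed_users": "deploy,ops", "default_user": "deploy", "ttl": "30m"}


if __name__ == "__main__":
    for name, role in (("weak", WEAK_ROLE), ("hardened", HARDENED_ROLE)):
        cert = build_unsigned_cert("vault-token-abc", principals_issued(role, {}))
        print(name, parse_cert(cert)["principals"], "any-user:", is_any_user_cert(cert))
```

On a real deployment the same inspection is `ssh-keygen -L -f <key>-cert.pub`, whose Principals block should never read "(none)" for a user certificate issued by a Vault CA. Auditing issued certificates this way catches the problem regardless of Vault version; upgrading to the fixed releases and setting default_user (or restricting allowed_users and requiring valid_principals in every sign request) removes it at the source.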
History

Fri, 27 Sep 2024 01:30:00 +0000

Type: References
Type: Metrics
  Values Removed: threat_severity: None
  Values Added:   threat_severity: Moderate


Thu, 26 Sep 2024 21:30:00 +0000

Type: First Time appeared
  Values Added:   Hashicorp
                  Hashicorp vault Community Edition
                  Hashicorp vault Enterprise
Type: CPEs
  Values Added:   cpe:2.3:a:hashicorp:vault_community_edition:*:*:*:*:*:*:*:*
                  cpe:2.3:a:hashicorp:vault_enterprise:*:*:*:*:*:*:*:*
Type: Vendors & Products
  Values Added:   Hashicorp
                  Hashicorp vault Community Edition
                  Hashicorp vault Enterprise
Type: Metrics
  Values Added:   ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 26 Sep 2024 20:15:00 +0000

Type: Description
  Values Removed: Vault’s SSH secrets engine did not require the {{valid_principals}} list to contain a value by default. If the {{valid_principals}} and {{default_user}} fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.
  Values Added:   Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.


Thu, 26 Sep 2024 20:00:00 +0000

Type: Description
  Values Added:   Vault’s SSH secrets engine did not require the {{valid_principals}} list to contain a value by default. If the {{valid_principals}} and {{default_user}} fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.
Type: Title
  Values Added:   Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
Type: Weaknesses
  Values Added:   CWE-732
Type: References
Type: Metrics
  Values Added:   cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2024-09-26T19:52:55.652Z

Updated: 2024-09-26T20:29:58.984Z

Reserved: 2024-08-07T17:46:31.343Z

Link: CVE-2024-7594

Vulnrichment

Updated: 2024-09-26T20:27:27.031Z

NVD

Status: Awaiting Analysis

Published: 2024-09-26T20:15:07.687

Modified: 2024-09-30T12:46:20.237

Link: CVE-2024-7594

Redhat

Severity: Moderate

Public Date: 2024-09-26T20:15:07Z

Links: CVE-2024-7594 - Bugzilla