Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

CVE-2024-5798

What is CVE-2024-5798?

HashiCorp Vault and Vault Enterprise had a security vulnerability that stemmed from improper validation of the JSON Web Token (JWT) role-bound audience claim during JWT authentication. This flaw may allow an attacker to introduce a malicious JWT, which could bypass authentication checks, facilitating unauthorized access. The vulnerability has been addressed in versions 1.17.0, 1.16.3, and 1.15.9, ensuring that only valid JWTs that correctly align with the audience and role-bound claims are accepted for authentication.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References