Vault SSH secrets engine vulnerability: unauthorized access via SSH certificates
CVE-2024-7594

7.5HIGH

Key Information:

Vendor: Hashicorp
Status: Vault; Vault Enterprise
Vendor: CVE Published:; 26 September 2024

Summary

HashiCorp Vault's SSH secrets engine suffers from a configuration issue where the valid_principals list is not enforced by default. This allows an SSH certificate, requested by an authorized user, to potentially authenticate as any user on the host if the valid_principals and default_user fields are not set appropriately. The implications of this vulnerability can lead to significant security breaches if not addressed, making it crucial for organizations using Vault to ensure correct configuration of their SSH secrets engine.

Affected Version(s)

Vault 64 bit 1.7.7 < 1.17.6

Vault Enterprise 64 bit 1.7.7 < 1.17.6

References

https://discuss.hashicorp.com/t/hcsec-2024-20-vault-ssh-s...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 26, 2024
Vulnerability Reserved
Aug 7, 2024

Collectors

NVD DatabaseMitre Database