Vault SSH secrets engine vulnerability: unauthorized access via SSH certificates

CVE-2024-7594

7.5HIGH

Key Information

Vendor: Hashicorp
Status: Vault; Vault Enterprise
Vendor: CVE Published:; 26 September 2024

Summary

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

Affected Version(s)

Vault < 1.17.6

Vault Enterprise < 1.17.6

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 26, 2024
Vulnerability Reserved.
Aug 7, 2024

Collectors

NVD DatabaseMitre Database