CVE-2024-7594 HIGH

CVE-2024-7594: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Vendor HashiCorp
Product Vault
Weakness CWE-732 (Incorrect Permission Assignment for Critical Resource)
Published September 26, 2024
Last update January 10, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Vault's SSH secrets engine did not require the valid_principals list to contain a value by default. If both the valid_principals and default_user fields of the SSH secrets engine configuration were left unset, a certificate that Vault issued to an authorized requester carried no principal restriction, and an OpenSSH certificate with an empty principals list is not bound to any particular account. Such a certificate could therefore be used to authenticate as any user on the target host, so the Vault policy that permitted the sign request did not bound the identities the resulting certificate could assert. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.
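The practical check that follows from this is to audit certificates Vault has already issued, since any signed before the upgrade and still within their validity window remain usable. The script below is an added example and is not part of this advisory or of Vault's own code: it decodes the OpenSSH certificate wire format (OpenSSH's PROTOCOL.certkeys layout) for ed25519 user certificates and flags any whose principals list is empty. The `build_sample_cert` helper constructs filler certificates so the parser can be exercised offline; the key ID and user names it uses are made up, and its signature bytes are not valid for any CA.

```python
"""Audit OpenSSH user certificates for the CVE-2024-7594 condition: an empty
'valid principals' field, which is what Vault issued when neither
valid_principals nor default_user was set. Field order follows OpenSSH
PROTOCOL.certkeys for ssh-ed25519-cert-v01@openssh.com."""
import base64
import os
import struct
import time

ED25519_CERT = "ssh-ed25519-cert-v01@openssh.com"
CERT_TYPE_USER = 1


def _string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length prefix followed by the bytes."""
    return struct.pack(">I", len(data)) + data


class _Reader:
    """Sequential decoder for the SSH wire types used in certificates."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def _take(self, n: int) -> bytes:
        chunk = self.data[self.pos:self.pos + n]
        if len(chunk) != n:
            raise ValueError("truncated certificate blob")
        self.pos += n
        return chunk

    def u32(self) -> int:
        return struct.unpack(">I", self._take(4))[0]

    def u64(self) -> int:
        return struct.unpack(">Q", self._take(8))[0]

    def string(self) -> bytes:
        return self._take(self.u32())

    def done(self) -> bool:
        return self.pos == len(self.data)


def parse_ed25519_cert(blob: bytes) -> dict:
    """Decode the fields an auditor needs. The signature is not verified here."""
    r = _Reader(blob)
    key_type = r.string().decode()
    if key_type != ED25519_CERT:
        raise ValueError(f"unsupported certificate type {key_type!r}")
    r.string()                                   # nonce
    r.string()                                   # certified ed25519 public key
    serial, cert_type = r.u64(), r.u32()
    key_id = r.string().decode()
    plist, principals = _Reader(r.string()), []  # principals: strings packed in a string
    while not plist.done():
        principals.append(plist.string().decode())
    valid_after, valid_before = r.u64(), r.u64()
    for _ in range(5):                           # critical options, extensions, reserved,
        r.string()                               # signature key, signature
    if not r.done():
        raise ValueError("trailing bytes after certificate")
    return {"serial": serial, "type": "user" if cert_type == CERT_TYPE_USER else "host",
            "key_id": key_id, "principals": principals,
            "valid_after": valid_after, "valid_before": valid_before}


def audit_cert_line(line: str) -> dict:
    """Audit one '<type> <base64> [comment]' line, e.g. Vault's signed_key output.

    A user certificate with no principals is flagged 'unrestricted': nothing in
    the certificate limits which account it may authenticate as."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    info = parse_ed25519_cert(base64.b64decode(fields[1]))
    info["unrestricted"] = info["type"] == "user" and not info["principals"]
    return info


def build_sample_cert(principals: list, key_id: str = "vault-userpass-alice") -> str:
    """Constructed sample input, not a real Vault-issued certificate: the certified
    key, CA key and signature are zero filler, so it verifies against no CA and
    exists only to exercise the parser offline. Key ID and names are made up."""
    now = int(time.time())
    body = (_string(ED25519_CERT.encode())
            + _string(os.urandom(32))                            # nonce
            + _string(bytes(32))                                 # filler public key
            + struct.pack(">QI", 1, CERT_TYPE_USER)              # serial, user cert
            + _string(key_id.encode())
            + _string(b"".join(_string(p.encode()) for p in principals))
            + struct.pack(">QQ", now, now + 3600)                # validity window
            + _string(b"")                                       # critical options
            + _string(_string(b"permit-pty") + _string(b""))     # extensions
            + _string(b"")                                       # reserved
            + _string(_string(b"ssh-ed25519") + _string(bytes(32)))   # filler CA key
            + _string(_string(b"ssh-ed25519") + _string(bytes(64))))  # filler signature
    return f"{ED25519_CERT} {base64.b64encode(body).decode()} {key_id}"
```

A real input line is the signed_key value that `vault write -field=signed_key <mount>/sign/<role> public_key=@...` returns (where `<mount>` and `<role>` are whatever names the deployment uses); `ssh-keygen -Lf` on the same file prints `Principals: (none)` for the unrestricted case. The script only decodes ed25519 certificates; RSA and ECDSA certificates differ only in the public-key fields that follow the nonce. Auditing issued certificates is complementary to upgrading: the fixed versions listed above stop Vault from issuing such certificates by default, and also add a role option, allow_empty_principals (default false), for the rare deployments that want the old behaviour.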

Disclosure timeline

September 26, 2024 CVE published
January 10, 2025 Record updated