Bug 2177844 (CVE-2023-24999) - CVE-2023-24999 Hashicorp/vault: Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
Summary: CVE-2023-24999 Hashicorp/vault: Vault Fails to Verify if Approle SecretID Bel...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-24999
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2177846 2177847 2177848 2177849 2177850 2177851 2177852
Blocks: 2177739
TreeView+ depends on / blocked
 
Reported: 2023-03-13 17:03 UTC by Avinash Hanwate
Modified: 2023-06-23 01:45 UTC (History)
11 users (show)

Fixed In Version: Vault 1.13.0, Vault 1.12.4, Vault 1.11.8, Vault 1.10.11
Clone Of:
Environment:
Last Closed: 2023-06-23 01:45:55 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:3742 0 None None None 2023-06-22 19:52:23 UTC

Description Avinash Hanwate 2023-03-13 17:03:25 UTC 
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.

https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305
Comment 4 errata-xmlrpc 2023-06-22 19:52:21 UTC 
This issue has been addressed in the following products:

  RHODF-4.13-RHEL-9

Via RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742
Comment 5 Product Security DevOps Team 2023-06-23 01:45:52 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-24999
Note You need to log in before you can comment on or make changes to this bug.