CVE-2024-7594

Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type

GIT

Repo

https://github.com/hashicorp/vault

Events

Introduced

77b9623370a1da48362693d606ef28f678018378

Fixed

69a720d5d940bfcd590d7c24f3c98f178673d796

Introduced

72850df1bc10581b74ba5f0f7b3736f31c034235

Fixed

69a720d5d940bfcd590d7c24f3c98f178673d796

Database specific

{
    "versions": [
        {
            "introduced": "1.7.7"
        },
        {
            "fixed": "1.17.6"
        },
        {
            "introduced": "1.17.0"
        },
        {
            "fixed": "1.17.6"
        }
    ]
}

Type

GIT

Repo

https://github.com/openbao/openbao

Events

Introduced

Fixed

96853bb4de27ab8ffd1b0c2898c691460d43edeb

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.2"
        }
    ]
}

Affected versions

api/auth/approle/v0.*

api/auth/approle/v0.1.0

api/auth/approle/v0.1.1

api/auth/approle/v0.2.0

api/auth/approle/v0.3.0

api/auth/approle/v0.4.0

api/auth/approle/v0.4.1

api/auth/approle/v0.5.0

api/auth/approle/v0.6.0

api/auth/approle/v1.*

api/auth/approle/v1.1.0-development20240408

api/auth/approle/v2.*

api/auth/approle/v2.0.1

api/auth/approle/v2.2.0

api/auth/approle/v2.3.0

api/auth/approle/v2.3.1

api/auth/approle/v2.4.0

api/auth/approle/v2.5.0

api/auth/approle/v2.5.1

api/auth/aws/v0.*

api/auth/aws/v0.1.0

api/auth/aws/v0.2.0

api/auth/aws/v0.3.0

api/auth/aws/v0.4.0

api/auth/aws/v0.4.1

api/auth/aws/v0.5.0

api/auth/aws/v0.6.0

api/auth/aws/v1.*

api/auth/aws/v1.1.0-development20240408

api/auth/azure/v0.*

api/auth/azure/v0.1.0

api/auth/azure/v0.2.0

api/auth/azure/v0.3.0

api/auth/azure/v0.4.0

api/auth/azure/v0.4.1

api/auth/azure/v0.5.0

api/auth/azure/v1.*

api/auth/azure/v1.1.0-development20240408

api/auth/gcp/v0.*

api/auth/gcp/v0.1.0

api/auth/gcp/v0.2.0

api/auth/gcp/v0.3.0

api/auth/gcp/v0.4.0

api/auth/gcp/v0.4.1

api/auth/gcp/v0.5.0

api/auth/gcp/v0.6.0

api/auth/gcp/v1.*

api/auth/gcp/v1.1.0-development20240408

api/auth/jwt/v2.*

api/auth/jwt/v2.4.0

api/auth/jwt/v2.5.0

api/auth/jwt/v2.5.1

api/auth/kubernetes/v1.*

api/auth/kubernetes/v1.1.0-development20240408

api/auth/kubernetes/v2.*

api/auth/kubernetes/v2.0.1

api/auth/kubernetes/v2.2.0

api/auth/kubernetes/v2.3.0

api/auth/kubernetes/v2.3.1

api/auth/kubernetes/v2.4.0

api/auth/kubernetes/v2.5.0

api/auth/kubernetes/v2.5.1

api/auth/ldap/v1.*

api/auth/ldap/v1.1.0-development20240408

api/auth/ldap/v2.*

api/auth/ldap/v2.0.1

api/auth/ldap/v2.2.0

api/auth/ldap/v2.3.0

api/auth/ldap/v2.3.1

api/auth/ldap/v2.4.0

api/auth/ldap/v2.5.0

api/auth/ldap/v2.5.1

api/auth/userpass/v0.*

api/auth/userpass/v0.1.0

api/auth/userpass/v0.2.0

api/auth/userpass/v0.3.0

api/auth/userpass/v0.4.0

api/auth/userpass/v0.4.1

api/auth/userpass/v0.5.0

api/auth/userpass/v0.6.0

api/auth/userpass/v1.*

api/auth/userpass/v1.1.0-development20240408

api/auth/userpass/v2.*

api/auth/userpass/v2.0.1

api/auth/userpass/v2.2.0

api/auth/userpass/v2.3.0

api/auth/userpass/v2.3.1

api/auth/userpass/v2.4.0

api/auth/userpass/v2.5.0

api/auth/userpass/v2.5.1

api/v1.*

api/v1.0.1

api/v1.0.2

api/v1.0.3

api/v1.0.4

api/v1.1.0

api/v1.1.1

api/v1.10.0

api/v1.100.0-development20240408

api/v1.11.0

api/v1.12.0

api/v1.12.1

api/v1.12.2

api/v1.2.0

api/v1.3.1

api/v1.4.0

api/v1.5.0

api/v1.6.0

api/v1.7.0

api/v1.7.1

api/v1.7.2

api/v1.8.0

api/v1.8.1

api/v1.8.2

api/v1.8.3

api/v1.9.0

api/v1.9.1

api/v1.9.2

api/v2.*

api/v2.0.1

api/v2.1.0

api/v2.2.0

api/v2.3.0

api/v2.3.1

api/v2.4.0

api/v2.5.0

api/v2.5.1

Other

before-plugin-removal

dev-namespaces-base-20250215

dev-namespaces-base-20250311

dev-namespaces-base-20250424

dev-namespaces-tip-20250313

dev-namespaces-tip-20250424

fork-point

namespaces-branch-before-merge

namespaces-seal-before-rebase-20251001

read-replication-before-rebase-20250924

read-replication-before-rebase-20250929

read-replication-before-rebase-20251021

sdk/v0.*

sdk/v0.1.10

sdk/v0.1.11

sdk/v0.1.12

sdk/v0.1.13

sdk/v0.1.8

sdk/v0.1.9

sdk/v0.10.0

sdk/v0.10.1

sdk/v0.10.2

sdk/v0.11.0

sdk/v0.11.1

sdk/v0.2.0

sdk/v0.2.1

sdk/v0.3.0

sdk/v0.4.0

sdk/v0.4.1

sdk/v0.5.0

sdk/v0.5.1

sdk/v0.5.2

sdk/v0.5.3

sdk/v0.6.0

sdk/v0.6.1

sdk/v0.6.2

sdk/v0.7.0

sdk/v0.8.0

sdk/v0.8.1

sdk/v0.9.0

sdk/v0.9.1

sdk/v0.9.2

sdk/v1.*

sdk/v1.100.0-development20240408

sdk/v2.*

sdk/v2.0.1

sdk/v2.1.0

sdk/v2.2.0

sdk/v2.3.0

sdk/v2.3.1

sdk/v2.4.0

sdk/v2.5.0

sdk/v2.5.1

v1.*

v1.17.0

v1.17.1

v1.17.2

v1.17.3

v1.17.4

v1.17.5

v1.7.10

v1.7.7

v1.7.8

v1.7.9

v2.*

v2.0.0

v2.0.0-alpha20240329

v2.0.0-beta20240618

v2.0.1

v2.1.0

v2.1.0-beta20241114

v2.1.0-beta20241114.1

v2.1.0-beta20241114.2

v2.1.0-beta20241114.3

v2.1.1

v2.2.0

v2.2.0-beta20250213

v2.2.1

v2.2.2

v2.3.0

v2.3.0-beta20250528

v2.3.1

v2.3.2

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.5.0

v2.5.0-beta20251125

v2.5.1

v2.5.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7594.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "1.7.7"
            },
            {
                "fixed": "1.15.15"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "1.16.0"
            },
            {
                "fixed": "1.16.10"
            }
        ]
    }
]