CVE-2023-24999

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-24999

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24999.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-24999

Aliases

Related

CGA-2gfc-9gvm-6cmq

Published

2023-03-11T00:15:09.410Z

Modified

2026-02-05T08:54:27.184686Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/vault
Events: Introduced

558abfa75702b5dab4c98e86b802fb9aef43b0eb

Fixed

0d09e842ac33626e0263d273510e08e1d079d921

Introduced

ea296ccf58507b25051bc0597379c467046eb2f1

Fixed

368b905a1860988a1529cab72d4f438290807992

Fixed

d351364fa659f0b1c9d094c0e449ccbc46ff0e41

Affected versions

v1.*

v1.11.0

v1.11.1

v1.11.2

v1.11.3

v1.11.4

v1.11.5

v1.11.6

v1.11.7

v1.12.0

v1.12.1

v1.12.2

v1.12.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-24999.json"