CVE-2024-7594

Vault’s SSH secrets engine did not require the validprincipals list to contain a value by default. If the validprincipals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type

GIT

Repo

https://github.com/hashicorp/vault

Events

Introduced

77b9623370a1da48362693d606ef28f678018378

Fixed

69a720d5d940bfcd590d7c24f3c98f178673d796

Introduced

72850df1bc10581b74ba5f0f7b3736f31c034235

Fixed

69a720d5d940bfcd590d7c24f3c98f178673d796

Database specific

{
    "versions": [
        {
            "introduced": "1.7.7"
        },
        {
            "fixed": "1.17.6"
        },
        {
            "introduced": "1.17.0"
        },
        {
            "fixed": "1.17.6"
        }
    ]
}

Type

GIT

Repo

https://github.com/openbao/openbao

Events

Introduced

Fixed

96853bb4de27ab8ffd1b0c2898c691460d43edeb

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.2"
        }
    ]
}

Affected versions

api/auth/approle/v0.*

api/auth/approle/v0.1.0

api/auth/approle/v0.1.1

api/auth/approle/v0.2.0

api/auth/approle/v0.3.0

api/auth/approle/v0.4.0

api/auth/approle/v0.4.1

api/auth/approle/v1.*

api/auth/approle/v1.1.0-development20240408

api/auth/aws/v0.*

api/auth/aws/v0.1.0

api/auth/aws/v0.2.0

api/auth/aws/v0.3.0

api/auth/aws/v0.4.0

api/auth/aws/v0.4.1

api/auth/aws/v1.*

api/auth/aws/v1.1.0-development20240408

api/auth/azure/v0.*

api/auth/azure/v0.1.0

api/auth/azure/v0.2.0

api/auth/azure/v0.3.0

api/auth/azure/v0.4.0

api/auth/azure/v0.4.1

api/auth/azure/v1.*

api/auth/azure/v1.1.0-development20240408

api/auth/gcp/v0.*

api/auth/gcp/v0.1.0

api/auth/gcp/v0.2.0

api/auth/gcp/v0.3.0

api/auth/gcp/v0.4.0

api/auth/gcp/v0.4.1

api/auth/gcp/v1.*

api/auth/gcp/v1.1.0-development20240408

api/auth/kubernetes/v1.*

api/auth/kubernetes/v1.1.0-development20240408

api/auth/ldap/v1.*

api/auth/ldap/v1.1.0-development20240408

api/auth/userpass/v0.*

api/auth/userpass/v0.1.0

api/auth/userpass/v0.2.0

api/auth/userpass/v0.3.0

api/auth/userpass/v0.4.0

api/auth/userpass/v0.4.1

api/auth/userpass/v1.*

api/auth/userpass/v1.1.0-development20240408

api/v1.*

api/v1.0.1

api/v1.0.2

api/v1.0.3

api/v1.0.4

api/v1.1.1

api/v1.100.0-development20240408

api/v1.2.0

api/v1.3.1

api/v1.5.0

api/v1.6.0

api/v1.7.0

api/v1.7.1

api/v1.7.2

api/v1.8.0

api/v1.8.1

api/v1.8.2

api/v1.8.3

api/v1.9.0

api/v1.9.1

api/v1.9.2

Other

before-plugin-removal

fork-point

sdk/v0.*

sdk/v0.1.10

sdk/v0.1.11

sdk/v0.1.12

sdk/v0.1.13

sdk/v0.1.8

sdk/v0.1.9

sdk/v0.2.1

sdk/v0.3.0

sdk/v0.4.1

sdk/v0.5.0

sdk/v0.5.1

sdk/v0.5.3

sdk/v0.6.0

sdk/v0.6.1

sdk/v0.6.2

sdk/v0.7.0

sdk/v0.8.0

sdk/v0.9.0

sdk/v0.9.1

sdk/v1.*

sdk/v1.100.0-development20240408

v1.*

v1.17.0

v1.17.1

v1.17.2

v1.17.3

v1.17.4

v1.17.5

v2.*

v2.0.0

v2.0.0-alpha20240329

v2.0.0-beta20240618

v2.0.1

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "1.7.7"
            },
            {
                "fixed": "1.15.15"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "1.16.0"
            },
            {
                "fixed": "1.16.10"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7594.json"