Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-24999HistoryMar 11, 2023 - 12:15 a.m.
CVE-2023-24999
2023-03-1100:15:00
Alpine Linux Development Team
security.alpinelinux.org
15
hashicorp vault
approle
unauthorized access
secret ids
fixed
versions
0.001 Low
EPSS
Percentile
43.8%
HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.17-community | noarch | vault | = 1.11.4-r3 | UNKNOWN |
Related
github
github
redhatcve
redhatcve
CVE-2023-24999
2023-03-13 17:14:03
osv
osv
CVE-2023-24999
2023-03-11 00:15:09
Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
2023-07-06 19:24:11
BIT-vault-2023-24999
2024-03-06 11:09:14
cvelist
cvelist
wolfi
wolfi
CVE-2023-24999 vulnerabilities
2024-07-05 21:08:40
veracode
veracode
Denial Of Service (DoS)
2023-03-16 05:23:53
nvd
nvd
CVE-2023-24999
2023-03-11 00:15:09
cgr
cgr
CVE-2023-24999 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2023-24999
2023-03-11 00:15:09
prion
prion
Denial of service
2023-03-11 00:15:00
ibm
ibm
redhat
redhat