Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:BIT-VAULT-2024-5798
HistoryJun 17, 2024 - 7:39 a.m.

BIT-vault-2024-5798

2024-06-1707:39:45
Google
osv.dev
179
vault
vault enterprise
json web token
jwt
vulnerability
cve-2024-5798
fix
1.17.0
1.16.3
1.15.9
software

CVSS3

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N

AI Score

3.8

Confidence

High

EPSS

0

Percentile

9.0%

JSON

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9

Related

cve 1
github 1
cvelist 1
osv 4
redhatcve 1
veracode 1
vulnrichment 1
nvd 1
ibm 1
cve
cve
CVE-2024-5798
2024-06-12 19:15:51
github
github
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
2024-06-12 21:31:19
cvelist
cvelist
CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
2024-06-12 18:55:24
osv
osv
CGA-ccrf-775v-573j
2024-07-15 21:55:49
CGA-5c6x-xwm6-g66f
2024-07-15 21:52:59
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault
2024-07-01 19:59:12
redhatcve
redhatcve
CVE-2024-5798
2024-07-05 09:52:38
veracode
veracode
Improper Authorization
2024-06-13 11:49:47
vulnrichment
vulnrichment
CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
2024-06-12 18:55:24
nvd
nvd
CVE-2024-5798
2024-06-12 19:15:51
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
2024-06-26 16:06:34

CVSS3

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N

AI Score

3.8

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for OSV:BIT-VAULT-2024-5798
cve1github1cvelist1osv4redhatcve1veracode1vulnrichment1nvd1ibm1