Veracode Vulnerability DatabaseVERACODE:39791Denial Of Service (DoS)
0.001 Low
EPSS
Percentile
43.8%
github.com/hashicorp/vault is vulnerable to Denial of Service (DoS) attacks. A malicious authenticated user is able to destroy the secret ID of any other role by providing the secret ID accessor via the /auth/approle/role/:role_name/secret-id-accessor/destroy endpoint, resulting in Denial of Service.
References
discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305
github.com/hashicorp/vault/commit/368b905a1860988a1529cab72d4f438290807992
github.com/hashicorp/vault/commit/a0beacda37cea0dd577421407c5083854a7228bc
github.com/hashicorp/vault/commit/d351364fa659f0b1c9d094c0e449ccbc46ff0e41
github.com/hashicorp/vault/commit/fa6cfd8ada04d561a9e29b87150fbd012fb50512
github.com/hashicorp/vault/pull/19348
github.com/hashicorp/vault/pull/19349
github.com/hashicorp/vault/pull/19350
github.com/hashicorp/vault/pull/19351
security.netapp.com/advisory/ntap-20230505-0001/
Related
