Lucene search

K

Veracode Vulnerability DatabaseVERACODE:40062

HistoryApr 06, 2023 - 12:35 p.m.

Improper Authorization

2023-04-0612:35:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

github vault

improper authorization

vulnerability

pki mount issuer

endpoint

access

remove

modify

metadata

application crash

software

EPSS

0.001

Percentile

37.4%

github.com/hashicorp/vault is vulnerable to Improper Authorization. The vulnerability exists because the PKI mount issuer endpoints do not correctly authorize access to remove an issuer or modify issuer metadata which allows an attacker to cause an application crash.

References

bugzilla.redhat.com/show_bug.cgi?id=2182981

discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079

discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1

github.com/advisories/GHSA-hwc3-3qh6-r4gg

github.com/hashicorp/vault/commit/3913c2faf8b15739b5ccde56af9944cbe1637397

github.com/hashicorp/vault/commit/4d989439518d83bfbe8e365fa003b2f05fb37eea

github.com/hashicorp/vault/commit/5310b696ce14dfb349b9e0e80bdc8e351a7eb256

github.com/hashicorp/vault/pull/19711

github.com/hashicorp/vault/pull/19712

github.com/hashicorp/vault/pull/19713

security.netapp.com/advisory/ntap-20230526-0008/

EPSS

0.001

Percentile

37.4%

Related for VERACODE:40062

prion1 cgr1 nvd1 osv9 redhatcve1 wolfi1 github1 cve1 cvelist1 ibm1 redhat3