CVE-2024-2048 Vault Cert Auth Method Did Not Correctly Validate Non-CA Certificates

2024-03-0419:56:47

CWE-295

HashiCorp

github.com

vault

certificate

authentication

validation

vulnerability

fix

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.5

Confidence

Low

SSVC

Exploitation

poc

Automatable

Technical Impact

total

JSON

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:hashicorp:vault:1.15.5:*:*:*:*:*:*:*"
    ],
    "vendor": "hashicorp",
    "product": "vault",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.5",
        "lessThan": "1.16.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:hashicorp:vault_enterprise:1.15.5:*:*:*:*:*:*:*"
    ],
    "vendor": "hashicorp",
    "product": "vault_enterprise",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.5",
        "lessThan": "1.16.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]