Gentoo update for HashiCorp Vault



Published: 2022-08-04
Risk High
Patch available YES
Number of vulnerabilities 13
CVE-ID CVE-2020-25594
CVE-2021-27668
CVE-2021-3024
CVE-2021-3282
CVE-2021-32923
CVE-2021-37219
CVE-2021-38553
CVE-2021-38554
CVE-2021-41802
CVE-2021-43998
CVE-2021-45042
CVE-2022-25243
CVE-2022-30689
CWE-ID CWE-20
CWE-284
CWE-287
CWE-613
CWE-254
CWE-200
CWE-732
CWE-264
CWE-295
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Gentoo Linux
Operating systems & Components / Operating system

Vendor Gentoo

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU50453

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25594

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests.

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU50968

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-27668

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and read Vault licenses from DR Secondaries.

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU50454

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3024

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when responding to some invalid, unauthenticated HTTP requests.

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Authentication

EUVDB-ID: #VU50970

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3282

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the application allows the `remove-peer` raft operator command to be executed against DR secondaries without authentication.

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Insufficient Session Expiration

EUVDB-ID: #VU66113

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-32923

CWE-ID: CWE-613 - Insufficient Session Expiration

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to application allows the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. A remote non-authenticated attacker can obtain or guess session token and gain unauthorized access to session that belongs to another user.

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Authentication

EUVDB-ID: #VU56146

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37219

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can use a specially crafted raft requests to bypass authentication process and gain unauthorized access to the application.

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Security features bypass

EUVDB-ID: #VU55909

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38553

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an excessively broad filesystem permissions flaw when initialized an underlying database file associated with the Integrated Storage feature. A remote attacker can bypass security features to launch further attacks on the system. 

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU55908

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-38554

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the cache of user-viewed secrets between sessions in a single shared browser. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Incorrect permission assignment for critical resource

EUVDB-ID: #VU66114

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-41802

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to incorrect permissions assignment. A remote user with write permission to an entity alias ID can share a mount accessor with another user to acquire this other user’s policies by merging their identities.

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU66115

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43998

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to templated ACL policies always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination. A remote user can trigger incorrect policy enforcement.

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU66116

Risk: Low

CVSSv3.1: 4.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45042

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly impose security restrictions in clusters using the Integrated Storage backend. A remote user with write permissions to a kv secrets engine can cause a panic and denial of service of the storage backend.

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper Certificate Validation

EUVDB-ID: #VU66117

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25243

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to software allows the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. A remote user can bypass implemented security restriction and issue wildcard certificates.

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Security features bypass

EUVDB-ID: #VU66118

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30689

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to application does not correctly configure and enforce MFA on login after server restarts. A remote attacker can bypass MFA policy and gain unauthorized access to the application.

Mitigation

Update the affected packages.
app-admin/vault to version: 1.10.3

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3 External links

http://security.gentoo.org/
http://security.gentoo.org/glsa/202207-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###