#VU94720 Improper Authentication in Vault Enterprise and Vault - CVE-2024-5798

Cybersecurity Help s.r.o.

Published: 2024-07-25

Vulnerability identifier: #VU94720

Vulnerability risk: Low

CVSSv4.0: 0.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-5798

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Vault Enterprise
Web applications / Modules and components for CMS
Vault
Web applications / Modules and components for CMS

Vendor: HashiCorp

Description

The vulnerability allows a remote privileged user to bypass authentication process.

The vulnerability exists due to Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. A remote privileged user can bypass authentication process and gain unauthorized access to the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Vault Enterprise: before 1.15.9, 1.16.3, 1.17.0, 1.15.9

Vault: before 1.15.9, 1.16.3, 1.17.0, 1.15.9

External links
https://discuss.hashicorp.com/t/hcsec-2024-11-vault-incorrectly-validated-json-web-tokens-jwt-audience-claims/67770

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Cloud Pak for AIOps

Improper Authentication in HashiCorp Vault and Vault Enterprise