CVE-2024-7594

HIGH

Hashicorp Vault < 1.15.15 - Incorrect Permission Assignment

Title source: rule

Description

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

References (2)

[Vendor Advisory] https://discuss.hashicorp.com/t/hcsec-2024-20-vault-ssh-secrets-engine-configuration-did-not-restrict-valid-principals-by-default/70251

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20250110-0007/

Scores

CVSS v3 7.5

EPSS 0.0060

EPSS Percentile 69.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (5)

hashicorp/vault 1.7.7 - 1.15.15

hashicorp/vault 1.7.7 - 1.17.6

hashicorp/vault 1.7.7 - 1.17.6Go

openbao/openbao < 2.0.2

openbao/openbao 0.1.0Go

Published Sep 26, 2024

Tracked Since Feb 18, 2026