admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 13:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-249xx/CVE-2023-24999.json

144 lines
4.5 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2023-24999",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-03-11T00:15:09.410",
Auto-Update: 2023-05-05T21:55:24.917263+00:00
2023-05-05 23:55:28 +02:00
"lastModified": "2023-05-05T20:15:10.137",
"vulnStatus": "Modified",
bootstrap
2023-04-24 12:24:31 +02:00
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise\u2019s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionEndExcluding": "1.10.11",
"matchCriteriaId": "9F8302EA-93E3-4181-8616-04598ED0C598"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "1.10.11",
"matchCriteriaId": "7C538086-CAAD-4E99-A250-2B51F7D4FA70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.11.0",
"versionEndExcluding": "1.11.8",
"matchCriteriaId": "6B9B93DD-17A5-4230-AD7D-C1D96046A73D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.11.0",
"versionEndExcluding": "1.11.8",
"matchCriteriaId": "FC94042C-B42F-4F60-92E7-5ECF0F0ABFD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.12.0",
"versionEndExcluding": "1.12.4",
"matchCriteriaId": "90C9579E-35EE-4DCE-96F6-DF64B52BBDE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.12.0",
"versionEndExcluding": "1.12.4",
"matchCriteriaId": "DE915EDC-95E7-4D29-AA3E-7D41108275F4"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305",
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
]
Auto-Update: 2023-05-05T21:55:24.917263+00:00
2023-05-05 23:55:28 +02:00
},
{
"url": "https://security.netapp.com/advisory/ntap-20230505-0001/",
"source": "security@hashicorp.com"
bootstrap
2023-04-24 12:24:31 +02:00
}
]
}
Reference in New Issue Copy Permalink