admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-31 02:31:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-249xx/CVE-2023-24999.json
René Helmke 572d23d780 Auto-Update: 2023-05-05T21:55:24.917263+00:00
2023-05-16 16:11:29 +02:00

144 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-24999",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-03-11T00:15:09.410",
"lastModified": "2023-05-05T20:15:10.137",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault and Vault Enterprise\u2019s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionEndExcluding": "1.10.11",
"matchCriteriaId": "9F8302EA-93E3-4181-8616-04598ED0C598"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "1.10.11",
"matchCriteriaId": "7C538086-CAAD-4E99-A250-2B51F7D4FA70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.11.0",
"versionEndExcluding": "1.11.8",
"matchCriteriaId": "6B9B93DD-17A5-4230-AD7D-C1D96046A73D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.11.0",
"versionEndExcluding": "1.11.8",
"matchCriteriaId": "FC94042C-B42F-4F60-92E7-5ECF0F0ABFD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.12.0",
"versionEndExcluding": "1.12.4",
"matchCriteriaId": "90C9579E-35EE-4DCE-96F6-DF64B52BBDE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.12.0",
"versionEndExcluding": "1.12.4",
"matchCriteriaId": "DE915EDC-95E7-4D29-AA3E-7D41108275F4"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305",
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230505-0001/",
"source": "security@hashicorp.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink