PT-2024-38439 · Hashicorp · Hashicorp Vault Enterprise

Jörn Heissler · Published 2024-09-26 · Updated 2025-11-13

CVE-2024-7594

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

HashiCorp Vault Community Edition versions prior to 1.17.6
HashiCorp Vault Enterprise versions prior to 1.17.6, 1.16.10, and 1.15.15

Description

The issue arises from the SSH secrets engine not requiring the valid principals list to contain a value by default. If the valid principals and default user fields of the SSH secrets engine configuration are not set, an SSH certificate requested from Vault's SSH secrets engine by an authorized user could be used to authenticate as any user on the host.

Recommendations

For HashiCorp Vault Community Edition versions prior to 1.17.6, update to version 1.17.6 or later. For HashiCorp Vault Enterprise versions prior to 1.17.6, update to version 1.17.6 or later. For HashiCorp Vault Enterprise versions prior to 1.16.10, update to version 1.16.10 or later. For HashiCorp Vault Enterprise versions prior to 1.15.15, update to version 1.15.15 or later. As a temporary workaround, set the valid principals and default user fields in the SSH secrets engine configuration to restrict which accounts a signed certificate is valid for.
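As an added example that is not part of this advisory or of HashiCorp's code, the script below audits SSH role definitions for the misconfiguration described above: it flags CA roles in which both `allowed_users` (the role field that holds the valid principals list) and `default_user` are empty, which is the condition the workaround closes. It assumes role documents in the shape returned by `vault read -format=json ssh/roles/<name>` (the `data` object); the role names and contents below are constructed sample data.

```python
"""Audit HashiCorp Vault SSH CA roles for empty valid-principals configuration.

Added example, not part of the advisory. Assumes the Vault SSH role fields
key_type, allow_user_certificates, allowed_users and default_user, as returned
by `vault read -format=json ssh/roles/<name>` in its "data" object.
"""
from __future__ import annotations
import json


def audit_ssh_role(name: str, role: dict) -> dict:
    """Classify one SSH role; returns {"role", "status", "reason"}."""
    # Only CA-signing roles that issue *user* certificates are in scope.
    if role.get("key_type") != "ca" or not role.get("allow_user_certificates"):
        return {"role": name, "status": "not_applicable",
                "reason": "not a CA user-certificate role"}
    # allowed_users is a comma-separated list of permitted principals.
    allowed = [u.strip() for u in (role.get("allowed_users") or "").split(",") if u.strip()]
    default_user = (role.get("default_user") or "").strip()
    if not allowed and not default_user:
        return {"role": name, "status": "vulnerable",
                "reason": "allowed_users and default_user are both empty: a certificate "
                          "signed with no principals is accepted for any account"}
    if "*" in allowed:
        return {"role": name, "status": "review",
                "reason": "allowed_users is '*': the requester may choose any principal"}
    return {"role": name, "status": "ok",
            "reason": f"principals restricted to {allowed or [default_user]}"}


def audit_roles(roles: dict) -> list[dict]:
    """Audit every role in a {name: role_data} mapping, sorted by name."""
    return [audit_ssh_role(n, r) for n, r in sorted(roles.items())]


# Constructed sample role documents (weak setting beside the corrected one).
SAMPLE_ROLES = json.loads("""
{
  "weak-ca-role":  {"key_type": "ca", "allow_user_certificates": true,
                    "allowed_users": "", "default_user": "", "ttl": "30m"},
  "fixed-ca-role": {"key_type": "ca", "allow_user_certificates": true,
                    "allowed_users": "deploy,ubuntu", "default_user": "deploy", "ttl": "30m"},
  "otp-role":      {"key_type": "otp", "default_user": "ubuntu"}
}
""")

if __name__ == "__main__":
    for finding in audit_roles(SAMPLE_ROLES):
        print(f"{finding['role']:<14} {finding['status']:<15} {finding['reason']}")
```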

Fix

Weakness Enumeration

Incorrect Permission

Related Identifiers

BDU:2025-08603
BIT-VAULT-2024-7594
CVE-2024-7594
GHSA-JG74-MWGW-V6X3
GO-2024-3162
OPENSUSE-SU-2024:0350-1
OPENSUSE-SU-2024:14447-1
OPENSUSE-SU-2024_3911-1
SUSE-SU-2024:3911-1

Affected Products

Hashicorp Vault Community Edition
Hashicorp Vault Enterprise
Red Os
Suse