A vulnerability, which was classified as critical, was found in HashiCorp Vault and Vault Enterprise up to 1.15.14/1.16.9/1.17.5. This affects an unknown part of the component Engine Configuration Handler. The manipulation of the argument valid_principals/default_user leads to incorrect permission assignment.
This vulnerability is uniquely identified as CVE-2024-7594. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.