CVE-2024-7594 | HashiCorp Vault/Vault Enterprise up to 1.15.14/1.16.9/1.17.5 Engine Configuration valid_principals/default_user permission assignment

Posted by Angelo Barbosa | Sep 26, 2024 | CVE

A vulnerability, which was classified as critical, was found in HashiCorp Vault and Vault Enterprise up to 1.15.14/1.16.9/1.17.5. This affects an unknown part of the component Engine Configuration Handler. The manipulation of the argument valid_principals/default_user leads to incorrect permission assignment.

This vulnerability is uniquely identified as CVE-2024-7594. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-7594 | HashiCorp Vault/Vault Enterprise up to 1.15.14/1.16.9/1.17.5 Engine Configuration valid_principals/default_user permission assignment

Related Posts

CVE-2024-33073 | Qualcomm Snapdragon Auto up to X75 5G Modem-RF System ML IE BSS buffer over-read

CVE-2023-31546 | DedeBIZ 6.0.3 Search Box keyword cross site scripting

CVE-2024-0716 | Beijing Baichuo Smart S150 Management Platform V31R02B15 Backup File /log/download.php information disclosure

CVE-2024-2501 | Hubbub Lite Plugin up to 1.33.1 on WordPress code injection