HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-03-10T23:12:47.638Z

Updated: 2024-08-02T11:11:43.737Z

Reserved: 2023-02-01T17:54:13.893Z

Link: CVE-2023-24999

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-03-11T00:15:09.410

Modified: 2024-11-21T07:48:54.297

Link: CVE-2023-24999

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-03-10T00:00:00Z

Links: CVE-2023-24999 - Bugzilla