CVE-2024-7594

Published: Sep 26, 2024Modified: Nov 13, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

Affected (5)

Products: Hashicorp: Vault · Openbao: Openbao

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Hashicorp Vault	From 1.7.7 to 1.17.6
Hashicorp Vault	From 1.16.0 to 1.16.10
Hashicorp Vault	From 1.17.0 to 1.17.6
Hashicorp Vault	From 1.7.7 to 1.15.15

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Openbao Openbao	Before 2.0.2

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://discuss.hashicorp.com/t/hcsec-2024-20-vault-ssh-secrets-engine-configuration-did-not-restrict-valid-principals-by-default/70251

Source: security@hashicorp.com

Vendor Advisory

https://security.netapp.com/advisory/ntap-20250110-0007/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.