CVE-2024-7594
ADVISORY - githubSummary
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.
EPSS Score: 0.00731 (0.724)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Incorrect Permission Assignment for Critical Resource
ADVISORY - github
Incorrect Permission Assignment for Critical Resource
ADVISORY - gitlab
ADVISORY - redhat
Incorrect Permission Assignment for Critical Resource
NIST
CREATED
UPDATED
ADVISORY IDCVE-2024-7594
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5highGitHub
CREATED
UPDATED
ADVISORY IDGHSA-jg74-mwgw-v6x3
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.7highGoLang
CREATED
UPDATED
ADVISORY IDGO-2024-3162
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Bitnami
CREATED
UPDATED
ADVISORY ID
BIT-vault-2024-7594
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
8.8highRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2024-7594
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.5mediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-c4r2-jfwp-c72c
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-ffv2-8642-86qf
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-r5cq-xg62-h8mq
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-