Fluid Attacks Database

Description

Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/hashicorp/vault	>=1.7.7 <1.17.6	1.17.6
go	github.com/openbao/openbao	>=0.1.0 <2.0.2 \|\| >=0 <0.0.0-20241003222810-d5b4e9224698	0.0.0-20241003222810-d5b4e9224698

Aliases

1. CVE-2024-75942. NVD-2024-75943. OSV-2024-75944. GCVE-2024-7594

References

1. https://github.com/openbao/openbao/pull/5612. https://github.com/openbao/openbao/commit/d5b4e922469830ac335b21dc0e8f9878c501a8843. https://discuss.hashicorp.com/t/hcsec-2024-20-vault-ssh-secrets-engine-configuration-did-not-restrict-valid-principals-by-default/702514. https://openbao.org/docs/release-notes/2-0-0/#2025. https://pkg.go.dev/vuln/GO-2024-31626. https://security.netapp.com/advisory/ntap-20250110-0007

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.