HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

2024-06-1221:31:19

CWE-285

GitHub Advisory Database

github.com

hashicorp

vault

jwt

audience claim

vulnerability

fixed

json web token

CVSS3

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N

AI Score

7.1

Confidence

High

EPSS

Percentile

9.0%

JSON

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.

This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9

Affected configurations

Vulners

Node

hashicorpvaultRange0.11.0–1.15.9

hashicorpvaultRange1.16.0-rc1–1.16.3

hashicorpvaultMatch1.17.0-rc1

VendorProductVersionCPE
hashicorpvault*cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*
hashicorpvault1.17.0-rc1cpe:2.3:a:hashicorp:vault:1.17.0-rc1:*:*:*:*:*:*:*