Description
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.
A flaw was found in Vault and Vault Enterprise's TLS certificate authentication method. This vulnerability allows an attacker to bypass authentication via a crafted malicious certificate when a non-CA certificate is used as a trusted certificate.
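As an added illustration (this is not Vault's code and is not taken from the advisory), the following Go program shows the two trust semantics a TLS certificate auth method has to keep apart: a trusted CA certificate authorizes any client certificate that chains to it, while a trusted non-CA certificate can only ever match itself byte for byte. Treating the second case as if it were the first is exactly the kind of confusion that turns a configured leaf certificate into an unintended trust anchor. All certificates, keys, names and scenario labels below are constructed in memory for the example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// serial is a constructed serial-number counter for the throwaway test certs.
var serial int64

// newCert issues a certificate for cn. With parent == nil it is self-signed,
// otherwise it is signed by parent/parentKey. Everything is generated in
// memory for this example and has no relation to any real deployment.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IsCACert reports whether a trusted certificate may act as an issuer:
// RFC 5280 requires the Basic Constraints extension with cA=TRUE for that.
func IsCACert(c *x509.Certificate) bool {
	return c.BasicConstraintsValid && c.IsCA
}

// AuthorizeClient decides whether a presented client certificate is accepted
// under a given trusted certificate. A CA trusted cert authorizes any client
// cert that chains to it; a non-CA trusted cert is a pin and authorizes only
// that exact certificate. This illustrates the expected behaviour and is not
// Vault's implementation.
func AuthorizeClient(trusted, presented *x509.Certificate) error {
	if IsCACert(trusted) {
		roots := x509.NewCertPool()
		roots.AddCert(trusted)
		_, err := presented.Verify(x509.VerifyOptions{
			Roots:     roots,
			KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		})
		if err != nil {
			return fmt.Errorf("chain validation failed: %w", err)
		}
		return nil
	}
	// Pinned mode: anything other than the identical DER bytes is rejected,
	// including certificates that merely share the subject name.
	if !bytes.Equal(trusted.Raw, presented.Raw) {
		return errors.New("presented certificate is not the pinned trusted certificate")
	}
	return nil
}

// Scenarios builds the constructed material and returns each authorization
// outcome keyed by a constructed scenario name (nil means accepted).
func Scenarios() (map[string]error, error) {
	ca, caKey, err := newCert("example-ca", true, nil, nil)
	if err != nil { return nil, err }
	issued, _, err := newCert("client-issued-by-ca", false, ca, caKey)
	if err != nil { return nil, err }
	pinned, _, err := newCert("pinned-client", false, nil, nil)
	if err != nil { return nil, err }
	// Same subject as the pinned cert but a different key: must never pass.
	impostor, _, err := newCert("pinned-client", false, nil, nil)
	if err != nil { return nil, err }
	return map[string]error{
		"ca-trust/issued-client":    AuthorizeClient(ca, issued),
		"ca-trust/unrelated-client": AuthorizeClient(ca, impostor),
		"pin-trust/pinned-client":   AuthorizeClient(pinned, pinned),
		"pin-trust/same-subject":    AuthorizeClient(pinned, impostor),
	}, nil
}

func main() {
	results, err := Scenarios()
	if err != nil {
		panic(err)
	}
	for name, res := range results {
		fmt.Printf("%-28s accepted=%v %v\n", name, res == nil, res)
	}
}
```

When auditing a deployment, the same `IsCACert` check run over each trusted certificate configured for the auth method tells you which entries are pins rather than issuers; those are the entries whose handling the fixed versions correct.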
Statement
Note that this vulnerability is in github.com/hashicorp/vault, not in github.com/hashicorp/vault/api, which is a separate and independent module. For this reason, none of the Red Hat offerings is affected by this vulnerability.
Mitigation
There is no mitigation available for this issue other than updating the affected package to a version containing the fix.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Openshift Data Foundation 4 | odf4/cephcsi-rhel9 | Not affected | ||
Red Hat Openshift Data Foundation 4 | odf4/mcg-cli-rhel9 | Will not fix | ||
Red Hat Openshift Data Foundation 4 | odf4/mcg-rhel9-operator | Will not fix | ||
Red Hat Openshift Data Foundation 4 | odf4/ocs-metrics-exporter-rhel9 | Not affected | ||
Red Hat Openshift Data Foundation 4 | odf4/ocs-must-gather-rhel8 | Not affected | ||
Red Hat Openshift Data Foundation 4 | odf4/ocs-rhel9-operator | Not affected | ||
Red Hat Openshift Data Foundation 4 | odf4/odf-cli-rhel9 | Not affected | ||
Red Hat Openshift Data Foundation 4 | odf4/odf-rhel8-operator | Not affected | ||
Red Hat Openshift Data Foundation 4 | odf4/rook-ceph-rhel8-operator | Will not fix | ||
Red Hat Trusted Application Pipeline | quay.io/redhat-appstudio/rhtap-task-runner | Not affected | ||
CVSS3 base score: 8.1 (High)
Related vulnerabilities
Incorrect TLS certificate auth method in Vault
A vulnerability in the HashiCorp Vault and Vault Enterprise enterprise information archiving platforms, related to errors in the certificate authentication procedure, that allows an attacker to bypass the authentication process