CVE-2024-2048
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Mar 4, 2024
Updated: Jun 10, 2024
CWE ID 295
Summary
CVE-2024-2048 is a vulnerability affecting Vault and Vault Enterprise ("Vault") that allows an attacker to bypass authentication using a maliciously crafted certificate. The issue arises because Vault incorrectly validates client certificates when a non-CA (certificate authority) certificate is configured as trusted. Consequently, an attacker could present a false certificate to gain unauthorized access. The vulnerability is addressed in Vault versions 1.15.5 and 1.14.10.
Affected Products
- Vault Enterprise
- HashiCorp Vault
Affected Vendors
- HashiCorp Inc.