CVE-2024-5798

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-5798

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-5798.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-5798

Aliases

Related

CGA-ccc8-g76x-j2hw

Published

2024-06-12T19:15:51.413Z

Modified

2026-02-03T07:38:14.306415Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.

This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9

References

https://discuss.hashicorp.com/t/hcsec-2024-11-vault-incorrectly-validated-json-web-tokens-jwt-audience-claims/67770

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/vault
Events: Introduced

87492f9258e0227f3717e3883c6a8be5716bf564

Fixed

d93899cf3e387f6ba4448953d9347571d819de62

Introduced

c20eae3e84c55bf5180ac890b83ee81c9d7ded8b

Fixed

e92d9a57018f43360e2e3717b3b6a7f650c88f4c

Affected versions

api/auth/approle/v0.*

api/auth/approle/v0.1.0

api/auth/approle/v0.1.1

api/auth/approle/v0.2.0

api/auth/approle/v0.3.0

api/auth/approle/v0.4.0

api/auth/approle/v0.4.1

api/auth/approle/v0.5.0

api/auth/approle/v0.6.0

api/auth/aws/v0.*

api/auth/aws/v0.1.0

api/auth/aws/v0.2.0

api/auth/aws/v0.3.0

api/auth/aws/v0.4.0

api/auth/aws/v0.4.1

api/auth/aws/v0.5.0

api/auth/aws/v0.6.0

api/auth/azure/v0.*

api/auth/azure/v0.1.0

api/auth/azure/v0.2.0

api/auth/azure/v0.3.0

api/auth/azure/v0.4.0

api/auth/azure/v0.4.1

api/auth/azure/v0.5.0

api/auth/gcp/v0.*

api/auth/gcp/v0.1.0

api/auth/gcp/v0.2.0

api/auth/gcp/v0.3.0

api/auth/gcp/v0.4.0

api/auth/gcp/v0.4.1

api/auth/gcp/v0.5.0

api/auth/gcp/v0.6.0

api/auth/kubernetes/v0.*

api/auth/kubernetes/v0.1.0

api/auth/kubernetes/v0.2.0

api/auth/kubernetes/v0.3.0

api/auth/kubernetes/v0.4.0

api/auth/kubernetes/v0.4.1

api/auth/kubernetes/v0.5.0

api/auth/kubernetes/v0.6.0

api/auth/ldap/v0.*

api/auth/ldap/v0.1.0

api/auth/ldap/v0.2.0

api/auth/ldap/v0.3.0

api/auth/ldap/v0.4.0

api/auth/ldap/v0.4.1

api/auth/ldap/v0.5.0

api/auth/ldap/v0.6.0

api/auth/userpass/v0.*

api/auth/userpass/v0.1.0

api/auth/userpass/v0.2.0

api/auth/userpass/v0.3.0

api/auth/userpass/v0.4.0

api/auth/userpass/v0.4.1

api/auth/userpass/v0.5.0

api/auth/userpass/v0.6.0

api/v1.*

api/v1.0.1

api/v1.0.2

api/v1.0.3

api/v1.0.4

api/v1.1.1

api/v1.10.0

api/v1.11.0

api/v1.12.0

api/v1.2.0

api/v1.3.1

api/v1.5.0

api/v1.6.0

api/v1.7.0

api/v1.7.1

api/v1.7.2

api/v1.8.0

api/v1.8.1

api/v1.8.2

api/v1.8.3

api/v1.9.0

api/v1.9.1

api/v1.9.2

ent-changelog-1.*

ent-changelog-1.15.7

ent-changelog-1.15.8

Other

last-go-modable

main-creation

sdk/v0.*

sdk/v0.1.10

sdk/v0.1.11

sdk/v0.1.12

sdk/v0.1.13

sdk/v0.1.8

sdk/v0.1.9

sdk/v0.10.0

sdk/v0.10.1

sdk/v0.10.2

sdk/v0.11.0

sdk/v0.2.1

sdk/v0.3.0

sdk/v0.4.1

sdk/v0.5.0

sdk/v0.5.1

sdk/v0.5.3

sdk/v0.6.0

sdk/v0.6.1

sdk/v0.6.2

sdk/v0.7.0

sdk/v0.8.0

sdk/v0.9.0

sdk/v0.9.1

sdk/v0.9.2

v0.*

v0.11.0

v0.11.1

v0.11.2

v0.11.3

v0.11.4

v1.*

v1.0.0

v1.0.0-beta1

v1.0.0-beta2

v1.0.0-rc1

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.0-beta1

v1.1.0-beta2

v1.1.1

v1.1.2

v1.15.0

v1.15.0-rc1

v1.15.1

v1.15.2

v1.15.3

v1.15.4

v1.15.5

v1.15.6

v1.15.7+ent

v1.15.8+ent

v1.16.0

v1.16.0-rc1

v1.16.0-rc2

v1.16.0-rc3

v1.16.1

v1.16.2

v1.2.0

v1.2.0-beta1

v1.2.0-beta2

v1.2.0-rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-5798.json"