Vulnerability Information
Vulnerability Title
Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Vulnerability Description
Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected. This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
Improper Authentication
Vulnerability Title
HashiCorp Vault Security Vulnerability
Vulnerability Description
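HashiCorp Vault is a private key access management tool from the US company HashiCorp. HashiCorp Vault and Vault Enterprise versions before 1.17.0, 1.16.3, and 1.15.9 contain a security vulnerability. The vulnerability stems from improper validation of the JSON Web Token (JWT) role-bound audience claim, which may cause Vault to validate a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed.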
CVSS Information
N/A
Vulnerability Type
N/A