Security Advisories

CGA-ccrf-775v-573j

Published

Last updated

https://images.chainguard.dev/security/CGA-ccrf-775v-573j
Package

vault-fips-1.15

Latest Update
Fixed
Fixed Version

1.15.9-r0

Aliases
  • CVE-2024-5798
  • GHSA-32cj-5wx4-gq8p

Severity

2.6

Low

CVSS V3

Summary

HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Description

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT whose audience and role-bound claims do not match, allowing an invalid login to succeed when it should have been rejected.

This vulnerability, CVE-2024-5798, was fixed in Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9.
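The class of check described above, as an added example that is not Vault's code and not part of the advisory: a fail-closed comparison of a token's `aud` claim against a role's bound audiences. It assumes the JWT signature has already been verified; the function names, the sample values and the policy chosen for the edge cases (any one match is sufficient, a token naming an audience is refused by a role that binds none) are assumptions made for illustration.

```python
# Added example: strict role-bound audience check for verified JWT claims.
# Not Vault's code; names and the edge-case policy are assumptions.
from typing import Any


def normalize_aud(claims: dict[str, Any]) -> list[str]:
    """Return the aud claim as a list; RFC 7519 allows a string or an array."""
    if "aud" not in claims:
        return []
    aud = claims["aud"]
    if isinstance(aud, str):
        return [aud]
    if isinstance(aud, list) and all(isinstance(a, str) for a in aud):
        return aud
    raise ValueError("aud must be a string or an array of strings")


def audience_allowed(claims: dict[str, Any], bound_audiences: list[str]) -> bool:
    """Accept only when the token's audiences and the role's bound audiences match."""
    try:
        token_aud = normalize_aud(claims)
    except ValueError:
        return False                      # malformed aud: fail closed
    if not bound_audiences:
        # Assumed policy: a token that names an audience is never accepted
        # by a role that binds none.
        return not token_aud
    if not token_aud:
        return False                      # role binds an audience, token has none
    # Exact, case-sensitive comparison; any one match is sufficient (assumed).
    return any(a in bound_audiences for a in token_aud)


# Constructed sample claims and role settings (not taken from the advisory).
CASES = [
    ({"sub": "ci", "aud": "vault-prod"}, ["vault-prod"], True),
    ({"sub": "ci", "aud": ["other", "vault-prod"]}, ["vault-prod"], True),
    ({"sub": "ci", "aud": "vault-dev"}, ["vault-prod"], False),
    ({"sub": "ci", "aud": "Vault-Prod"}, ["vault-prod"], False),
    ({"sub": "ci"}, ["vault-prod"], False),
    ({"sub": "ci", "aud": "vault-prod"}, [], False),
    ({"sub": "ci", "aud": {"x": 1}}, ["vault-prod"], False),
]


def run_cases() -> list[bool]:
    return [audience_allowed(claims, bound) for claims, bound, _ in CASES]


if __name__ == "__main__":
    for (claims, bound, expected), got in zip(CASES, run_cases()):
        print(f"aud={claims.get('aud')!r} bound={bound} -> {got} (expected {expected})")
```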

References

Updates

