/
DirectorySecurity AdvisoriesPricing
Sign inRequest a trial
Security Advisories

CVE-2023-24999

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-24999

Severity

8.1

High

CVSS CVSS_V3

Description

HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.

References

Affected packages


Safe Source for Open Source™
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs