CVE-2024-2048

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382	Vendor Advisory
https://security.netapp.com/advisory/ntap-20240524-0009/	Third Party Advisory
https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382	Vendor Advisory
https://security.netapp.com/advisory/ntap-20240524-0009/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hashicorp:vault:::::-:::*
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*
	cpe:2.3:a:hashicorp:vault:::::-:::*
	cpe:2.3:a:hashicorp:vault:::::enterprise:::*

Configuration 2 (hide)

cpe:2.3:a:openbao:openbao:*:*:*:*:*:*:*:*

History

13 Nov 2025, 17:51

Type	Values Removed	Values Added
First Time		Openbao openbao Openbao
CPE		cpe:2.3:a:openbao:openbao::::::::

Information

Published : 2024-03-04 20:15

Updated : 2025-11-13 17:51

NVD link : CVE-2024-2048

Mitre link : CVE-2024-2048

CVE.ORG link : CVE-2024-2048

JSON object : View

Products Affected

openbao

openbao

hashicorp

vault

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2024-2048", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-03-04T20:15:50.690", "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0009/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0009/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Vault and Vault Enterprise (\u201cVault\u201d) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10."}, {"lang": "es", "value": "El m\u00e9todo de autenticaci\u00f3n de certificados TLS de Vault y Vault Enterprise (\u201cVault\u201d) no validaba correctamente los certificados de cliente cuando se configuraba con un certificado que no era CA como certificado confiable. En esta configuraci\u00f3n, un atacante puede crear un certificado malicioso que podr\u00eda usarse para eludir la autenticaci\u00f3n. Corregido en Vault 1.15.5 y 1.14.10."}], "lastModified": "2025-11-13T17:51:43.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "A6C6635E-C667-4498-9EA2-A0CB55D12792", "versionEndExcluding": "1.14.10"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "30AF0CCD-381E-430A-8AA0-0D8BA5D2C15E", "versionEndExcluding": "1.14.10"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "07DC1E7F-7803-4CB4-AA42-2781E3F1E612", "versionEndExcluding": "1.15.5", "versionStartIncluding": "1.15.0"}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "B92203A3-1C92-430B-8008-A4FC4745DEEE", "versionEndExcluding": "1.15.5", "versionStartIncluding": "1.15.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openbao:openbao:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5D539A5-4DBC-45DC-BEAB-FCDE4DD61384", "versionEndExcluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}