CVE-2023-24999: 
HashiCorp Vault vulnerability analysis and mitigation

HashiCorp Vault and Vault Enterprise's approle auth method contained a vulnerability (CVE-2023-24999) that allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. The vulnerability was discovered in early 2023 and has been fixed in Vault versions 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above (HashiCorp Discussion).

The vulnerability exists in the approle auth method's secret ID destruction process. When executing a command to destroy a secret ID via the /auth/approle/role/:role_name/secret-id-accessor/destroy endpoint, Vault failed to verify if the Secret ID accessor provided belongs to the role. This verification bypass allowed authenticated users to specify valid secret ID accessors that did not belong to their role or path permissions (HashiCorp Discussion). The vulnerability has been assigned a CVSS score of 8.1 (HIGH) with a vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H (NetApp Advisory).

Successful exploitation of this vulnerability could lead to addition or modification of data or Denial of Service (DoS). The affected approles would not be able to authenticate to Vault, potentially disrupting service access and authentication workflows (NetApp Advisory).

Organizations should upgrade to Vault Enterprise 1.13.0, 1.12.4, 1.11.8, 1.10.11, or newer versions to remediate this vulnerability. The fix has been implemented in these versions to properly verify secret ID accessor ownership before destruction operations (HashiCorp Discussion).