Home > Vulnerability Database > CVE-2024-6468

Mend.io Vulnerability Database

CVE-2024-6468

Good to know:

Date: July 11, 2024

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault API server would shut down and no longer respond to any HTTP requests, potentially resulting in denial of service. While this bug also affected versions of Vault up to 1.17.1 and 1.16.5, a separate regression in those release series did not allow Vault operators to configure the deny_unauthorized option, thus not allowing the conditions for the denial of service to occur. Fixed in Vault and Vault Enterprise 1.17.2, 1.16.6, and 1.15.12.

Language: Go

Severity Score

7.5

Related Resources (5)

Url: https://github.com/hashicorp/vault

Url: https://discuss.hashicorp.com/t/hcsec-2024-14-vault-vulnerable-to-denial-of-service-when-setting-a-proxy-protocol-behavior/68518

Url: https://github.com/advisories/GHSA-2qmw-pvf7-4mw6

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6468

Url: https://www.mend.io/vulnerability-database/CVE-2024-6468

Severity Score

7.5

Weakness Type (CWE)

Improper Check or Handling of Exceptional Conditions

CWE-703

Top Fix

Upgrade Version

Upgrade to version github.com/hashicorp/vault-v1.15.12,v1.16.6,v1.17.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6468

Good to know:

Date: July 11, 2024

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?