NVD

Vulnerability Change Records for CVE-2023-24999

Action	Type	Old Value	New Value
Added	CPE Configuration		OR cpe:2.3:a:hashicorp:vault:::::-::: versions up to (excluding) 1.10.11 cpe:2.3:a:hashicorp:vault:::::enterprise::: versions up to (excluding) 1.10.11 cpe:2.3:a:hashicorp:vault:::::-::: versions from (including) 1.11.0 up to (excluding) 1.11.8 cpe:2.3:a:hashicorp:vault:::::enterprise::: versions from (including) 1.11.0 up to (excluding) 1.11.8 cpe:2.3:a:hashicorp:vault:::::-::: versions from (including) 1.12.0 up to (excluding) 1.12.4 cpe:2.3:a:hashicorp:vault:::::enterprise::: versions from (including) 1.12.0 up to (excluding) 1.12.4
Added	CVSS V3.1		NIST AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Added	CWE		NIST CWE-863
Changed	Reference Type	https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305 No Types Assigned	https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305 Vendor Advisory