Security context
UnratedGO-2024-2509 CVE-2021-3282Published Jun 28, 2024

Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault

Research this vulnerability

Research is free — Hunters explains how the bug works, the root-cause code pattern, how the fix addresses it, and how to test whether a target is affected, in chat. Investigate & write exploit is a paid run — the engine reads the advisory and fix commits, then builds and validates a working proof-of-concept exploit with reproduction steps.

Affected versions

1.6.0 → fixed in 1.6.2

Details

Improper Authentication in HashiCorp Vault in github.com/hashicorp/vault

The fix

Backport: Fix remove peers check (#10758) (#10782)

Vishal Nayak· Jan 26, 2021, 07:57 PM+1509f9068e22
vault/logical_system_helpers.go+0 4
@@ -92,10 +92,6 @@ var (
}
checkRaw = func(b *SystemBackend, path string) error { return nil }
-
- wrapHandleRaftRemovePeer = func(b *SystemBackend) framework.OperationFunc {
- return b.handleRaftRemovePeerUpdate()
- }
)
// tuneMount is used to set config on a mount point
vault/logical_system_raft.go+1 1
@@ -82,7 +82,7 @@ func (b *SystemBackend) raftStoragePaths() []*framework.Path {
Operations: map[logical.Operation]framework.OperationHandler{
logical.UpdateOperation: &framework.PathOperation{
- Callback: wrapHandleRaftRemovePeer(b),
+ Callback: b.verifyDROperationToken(b.handleRaftRemovePeerUpdate(), false),
Summary: "Remove a peer from the raft cluster.",
},
},

References