{"uuid": "eae23ffd-81ce-4ed0-a48b-d2ddd2661aa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-7594", "type": "seen", "source": "https://t.me/cvedetector/6457", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-7594 - Vault SSH Secrets Engine Unrestricted Authentication\", \n  \"Content\": \"CVE ID : CVE-2024-7594 \nPublished : Sept. 26, 2024, 8:15 p.m. | 46\u00a0minutes ago \nDescription : Vault\u2019s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault\u2019s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-26T23:01:41.000000Z"}