cbcvebase.
CVE-2024-8185
published 2024-10-31

CVE-2024-8185: Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through…

PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.48%
37.8th percentile
Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.

Affected

8 ranges
VendorProductVersion rangeFixed in
github.comhashicorp_vault>= 1.2.0 < 1.18.11.18.1
github.comopenbao_openbao>= 0 < 2.0.32.0.3
hashicorpvault
hashicorpvault>= 1.17.0 < 1.17.81.17.8
hashicorpvault>= 1.2.0 < 1.16.121.16.12
hashicorpvault>= 1.2.0 < 1.18.11.18.1
hashicorpvault_enterprise>= 1.2.0 < 1.18.11.18.1
openbaoopenbao< 2.0.32.0.3

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa7.5HIGH
osv7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.