CVE-2024-9180Incorrect Privilege Assignment in Vault

CWE-266Incorrect Privilege AssignmentCWE-190Integer Overflow or WraparoundCWE-200Sensitive Information Exposure6 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.3%
top 46.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Hashicorp VaultHashicorp Vault EnterpriseGithub.com Hashicorp Vault+2 more
Timeline
PublishedOct 10
Latest updateOct 11

Description

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages6 packages

CVEListV5hashicorp/vault_enterprise0.10.41.18.0
CVEListV5hashicorp/vault0.10.41.18.0
NVDhashicorp/vault1.7.71.18.0+3
NVDopenbao/openbao< 2.0.3

🔴Vulnerability Details

4
OSV
Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault2024-10-11
GHSA
Vault Community Edition privilege escalation vulnerability2024-10-10
OSV
Vault Community Edition privilege escalation vulnerability2024-10-10
GHSA
BoringSSLAEADContext in Netty Repeats Nonces2024-06-05

📋Vendor Advisories

1
Red Hat
hashicorp/vault: Vault Operators in Root Namespace May Elevate Their Privileges2024-10-10