CVE-2024-9180
CVSS 3.1 Score 7.2 of 10 (high)
Attack Complexity low
Confidentiality high
Integrity high
Availability high
Privileges Required high
Scope unchanged
Details
Published Oct 10, 2024
Updated: Oct 18, 2024
CWE ID 266
Summary
CVE-2024-9180 is a vulnerability affecting Vault, an identity and access management tool. A privileged operator with write permissions to the root namespace's identity endpoint can exploit this issue to escalate their own or another user's privileges, effectively gaining root access. This vulnerability has been addressed in Vault Community Edition 1.18.0 and Vault Enterprise versions 1.18.0, 1.17.7, 1.16.11, and 1.15.16. System administrators are advised to update their Vault installations to mitigate this risk.
Affected Products
- HashiCorp Vault
Affected Vendors
- HashiCorp Inc.