CVE-2024-9180

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Oct 10, 2024
Updated: Oct 15, 2024
CWE ID 266

Summary

CVE-2024-9180 is a high-severity vulnerability affecting several versions of HashiCorp Vault, including Vault Community Edition 1.18.0 and various prior versions. The flaw allows a privileged Vault operator with write permissions to the root namespace’s identity endpoint to escalate their privileges to Vault’s root policy, posing significant risks to confidentiality, integrity, and availability within an organization. The attack vector is network-based and requires high privileges with no user interaction. Remediation is available by updating to a fixed version, and organizations should prioritize applying the update to mitigate the risk of exploitation.
