CVE-2024-9180

CVSS 3.1 Score 7.2 of 10 (high)

Attack Complexity: low
Confidentiality: high
Integrity: high
Availability: high
Privileges Required: high
Scope: unchanged

Details

Published: Oct 10, 2024
Updated: Oct 18, 2024
CWE ID: 266

Summary

CVE-2024-9180 is a vulnerability affecting Vault, an identity and access management tool. A privileged operator with write permissions to the root namespace's identity endpoint can exploit this issue to escalate their own or another user's privileges, effectively gaining root access. This vulnerability has been addressed in Vault Community Edition 1.18.0 and Vault Enterprise versions 1.18.0, 1.17.7, 1.16.11, and 1.15.16. System administrators are advised to update their Vault installations to mitigate this risk.

Affected Products

  • HashiCorp Vault

Affected Vendors

  • HashiCorp Inc.