CVE-2024-9180

HIGH

7.2

Descripcion

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.

Detalles CVE

Puntuacion CVSS v3.17.2

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosHIGH

Interaccion usuarioNONE

Publicado10/10/2024

Ultima modificacion12/31/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

hashicorp:vaultopenbao:openbao

Debilidades (CWE)

CWE-266

Referencias

https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565(security@hashicorp.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.