Denial of Service Vulnerability in Vault by HashiCorp
CVE-2024-8185
Currently unrated
Summary
Vault clusters, both Community and Enterprise editions, that utilize Vault's Integrated Storage backend, face a denial of service (DoS) vulnerability due to memory exhaustion at the Raft cluster join API endpoint. An attacker can exploit this vulnerability by sending a flood of requests, leading to excessive memory consumption that can potentially crash the underlying system and disrupt Vault process functionality. It is crucial for users to upgrade to Vault Community 1.18.1 or Vault Enterprise versions 1.18.1, 1.17.8, or 1.16.12 to safeguard against this threat.
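As a quick triage aid, the following Python snippet (an added example, not part of this advisory and not HashiCorp code) maps a running Vault version against the fixed releases named in the summary above and reports whether an upgrade is needed and to which release. It assumes version strings in the form Vault itself reports (for example `1.17.3`, `v1.18.0`, `1.17.3+ent`, `1.16.11+ent.hsm`, where a `+ent` suffix marks Enterprise), and that the operator has already confirmed the cluster uses Integrated Storage (the `Storage Type` line in `vault status` reads `raft`). Versions newer than every release listed on this page are treated as fixed; that is an assumption, since the advisory says nothing about later lines.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases exactly as stated in the CVE-2024-8185 summary.
FIXED = {
    "community": [(1, 18, 1)],
    "enterprise": [(1, 18, 1), (1, 17, 8), (1, 16, 12)],
}

# Accepts "1.17.3", "v1.17.3", "1.17.3+ent", "1.17.3+ent.hsm", "1.17.3+ent.fips1402".
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:\+ent(?:\.[\w.]+)?)?$")


def parse_version(text: str) -> Version:
    """Turn a Vault version string into a comparable (major, minor, patch) tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Vault version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def edition_of(text: str) -> str:
    """Enterprise builds carry a '+ent' metadata suffix; everything else is Community."""
    return "enterprise" if "+ent" in text else "community"


def assess(version_text: str, integrated_storage: bool = True) -> Tuple[str, Optional[Version]]:
    """Return (status, recommended_upgrade).

    status is one of 'not-affected', 'fixed' or 'vulnerable'; recommended_upgrade
    is the lowest fixed release above the running version, or None.
    """
    if not integrated_storage:
        # The advisory scopes the issue to clusters on the Integrated Storage backend.
        return ("not-affected", None)

    ver = parse_version(version_text)
    fixed = FIXED[edition_of(version_text)]

    # Already at or past the patched release of the same minor line.
    for f in fixed:
        if ver[:2] == f[:2] and ver >= f:
            return ("fixed", None)

    newer = sorted(f for f in fixed if f > ver)
    if not newer:
        # Assumption: a line newer than anything the advisory lists carries the fix.
        return ("fixed", None)
    return ("vulnerable", newer[0])


def report(version_text: str, integrated_storage: bool = True) -> str:
    """Human-readable one-liner for an inventory script."""
    status, target = assess(version_text, integrated_storage)
    if status == "vulnerable":
        return f"{version_text}: vulnerable to CVE-2024-8185, upgrade to {'.'.join(map(str, target))}"
    return f"{version_text}: {status}"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for v in ["1.17.3+ent", "v1.18.1", "1.17.9", "1.16.12+ent.hsm", "1.18.0"]:
        print(report(v))
```

Community releases on the 1.17 line are reported as vulnerable with 1.18.1 as the target, because the summary names no Community fix other than 1.18.1; Enterprise 1.17.x is pointed at 1.17.8 instead.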
References
Timeline
Vulnerability published