Denial of Service Vulnerability in Vault by HashiCorp
CVE-2024-8185

Currently unrated

Key Information:

Vendor: HashiCorp

Status
Vendor
CVE Published: 31 October 2024

What is CVE-2024-8185?

Vault Community and Enterprise clusters that use Vault's Integrated Storage backend are exposed to a denial of service (DoS) vulnerability caused by memory exhaustion at the Raft cluster join API endpoint. An attacker can exploit it by sending a flood of requests to that endpoint, driving memory consumption high enough to potentially crash the underlying system and disrupt the Vault process. Users should upgrade to Vault Community 1.18.1 or to Vault Enterprise 1.18.1, 1.17.8, or 1.16.12 to protect against this issue.
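The following check is an added example, not HashiCorp's code: it classifies a node against the fixed releases listed above, taking the `version` and `storage_type` fields as they appear in `vault status -format=json`. The handling of Enterprise release lines outside 1.16 to 1.18 is an assumption, and the sample inputs are constructed.

```python
import json
import re

# Fixed releases exactly as listed in the advisory text.
COMMUNITY_FIXED = (1, 18, 1)
ENTERPRISE_FIXED = {(1, 18): 1, (1, 17): 8, (1, 16): 12}  # release line -> first fixed patch


def parse_version(raw):
    """Split a version such as '1.17.6+ent' into ((1, 17, 6), is_enterprise)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    if not m:
        raise ValueError(f"unrecognised Vault version: {raw!r}")
    return tuple(int(p) for p in m.groups()), "+ent" in raw


def is_fixed(raw):
    """True if the version is at or above a fixed release for its edition."""
    ver, enterprise = parse_version(raw)
    if not enterprise:
        return ver >= COMMUNITY_FIXED
    line = ver[:2]
    if line in ENTERPRISE_FIXED:
        return ver[2] >= ENTERPRISE_FIXED[line]
    # Assumption: Enterprise lines newer than 1.18 include the fix; lines older than 1.16 do not.
    return line > max(ENTERPRISE_FIXED)


def assess(status):
    """Classify one node from a dict shaped like `vault status -format=json`."""
    if status.get("storage_type") != "raft":
        return "out of scope: Integrated Storage not in use"
    if is_fixed(status["version"]):
        return "patched"
    return "vulnerable: upgrade required"


# Constructed sample inputs (not taken from a real cluster).
SAMPLES = [
    '{"version": "1.17.6+ent", "storage_type": "raft"}',
    '{"version": "1.17.8+ent", "storage_type": "raft"}',
    '{"version": "1.17.8", "storage_type": "raft"}',
    '{"version": "1.18.0", "storage_type": "consul"}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        node = json.loads(sample)
        print(node["version"], node["storage_type"], "->", assess(node))
```

A Community build numbered 1.17.8 is reported as vulnerable because the only Community release the advisory lists is 1.18.1.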

Timeline

  • Vulnerability published
