Root Privileges Escalation Vulnerability in Vault
CVE-2024-9180
7.2HIGH
Summary
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.
Affected Version(s)
Vault < 1.18.0
Vault Enterprise < 1.18.0
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 7.2 - (HIGH)
Vulnerability published.
Collectors
NVD DatabaseMitre Database