{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9180", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "state": "PUBLISHED", "assignerShortName": "HashiCorp", "dateReserved": "2024-09-25T18:00:56.306Z", "datePublished": "2024-10-10T20:54:57.084Z", "dateUpdated": "2024-11-08T22:27:31.042Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Vault", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [{"lessThan": "1.18.0", "status": "affected", "version": "0.10.4", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Vault Enterprise", "repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "versions": [{"changes": [{"at": "1.17.7", "status": "unaffected"}, {"at": "1.16.10", "status": "unaffected"}, {"at": "1.15.16", "status": "unaffected"}], "lessThan": "1.18.0", "status": "affected", "version": "0.10.4", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.</p><br/>"}], "value": "A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233: Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2024-10-18T19:48:21.134Z"}, "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565"}], "source": {"advisory": "HCSEC-2024-21", "discovery": "INTERNAL"}, "title": "Vault Operators in Root Namespace May Elevate Their Privileges"}, "adp": [{"affected": [{"vendor": "hashicorp", "product": "vault", "cpes": ["cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0.10.4", "status": "affected", "lessThan": "1.18.0", "versionType": "semver"}]}, {"vendor": "hashicorp", "product": "vault", "cpes": ["cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0.10.4", "status": "affected", "lessThan": "1.18.0", "versionType": "semver"}, {"version": "1.17.7", "status": "unaffected"}, {"version": "1.16.11", "status": "unaffected"}, {"version": "1.15.16", "status": "unaffected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T15:34:50.417514Z", "id": "CVE-2024-9180", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T22:27:31.042Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9180", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-11T15:34:50.417514Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:*"], "vendor": "hashicorp", "product": "vault", "versions": [{"status": "affected", "version": "0.10.4", "lessThan": "1.18.0", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*"], "vendor": "hashicorp", "product": "vault", "versions": [{"status": "affected", "version": "0.10.4", "lessThan": "1.18.0", "versionType": "semver"}, {"status": "unaffected", "version": "1.17.7"}, {"status": "unaffected", "version": "1.16.11"}, {"status": "unaffected", "version": "1.15.16"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T15:40:37.841Z"}}], "cna": {"title": "Vault Operators in Root Namespace May Elevate Their Privileges", "source": {"advisory": "HCSEC-2024-21", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233: Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "product": "Vault", "versions": [{"status": "affected", "version": "0.10.4", "lessThan": "1.18.0", "versionType": "semver"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}, {"repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "product": "Vault Enterprise", "versions": [{"status": "affected", "changes": [{"at": "1.17.7", "status": "unaffected"}, {"at": "1.16.10", "status": "unaffected"}, {"at": "1.15.16", "status": "unaffected"}], "version": "0.10.4", "lessThan": "1.18.0", "versionType": "semver"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565"}], "descriptions": [{"lang": "en", "value": "A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.", "supportingMedia": [{"type": "text/html", "value": "<p>A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.</p><br/>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2024-10-18T19:48:21.134Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9180", "state": "PUBLISHED", "dateUpdated": "2024-11-08T22:27:31.042Z", "dateReserved": "2024-09-25T18:00:56.306Z", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "datePublished": "2024-10-10T20:54:57.084Z", "assignerShortName": "HashiCorp"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7C3A4160-F4D5-4447-B637-ADB46ECA6191", "versionEndIncluding": "1.17.7", "versionStartIncluding": "1.7.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "matchCriteriaId": "B1A3560F-6E15-4CB4-AD63-019E7C499369", "versionEndExcluding": "1.18.0", "versionStartIncluding": "1.7.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "6A11834C-76C4-4D8A-8493-D2331334B823", "versionEndExcluding": "1.15.16", "versionStartIncluding": "1.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "137EE5AE-4532-40C5-AAFD-45BC897A216C", "versionEndExcluding": "1.16.11", "versionStartIncluding": "1.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16."}, {"lang": "es", "value": "Un operador de Vault privilegiado con permisos de escritura en el endpoint de identidad del espacio de nombres ra\u00edz podr\u00eda escalar sus privilegios a la pol\u00edtica ra\u00edz de Vault. Corregido en Vault Community Edition 1.18.0 y Vault Enterprise 1.18.0, 1.17.7, 1.16.11 y 1.15.16."}], "id": "CVE-2024-9180", "lastModified": "2024-10-18T20:15:03.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@hashicorp.com", "type": "Secondary"}]}, "published": "2024-10-10T21:15:05.010", "references": [{"source": "security@hashicorp.com", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-266"}], "source": "security@hashicorp.com", "type": "Secondary"}]}

{"bugzilla": {"description": "hashicorp/vault: Vault Operators in Root Namespace May Elevate Their Privileges", "id": "2317923", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317923"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-266", "details": ["A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.", "A flaw was found in HashiCorp Vault. This vulnerability allows a privileged Vault operator with write permissions to the root namespace's identity endpoint to escalate their privileges to Vault\u2019s root policy."], "name": "CVE-2024-9180", "package_state": [{"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/ocs-must-gather-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/cephcsi-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/mcg-cli-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/ocs-metrics-exporter-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/ocs-must-gather-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-cli-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-multicluster-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf/odf-multicluster-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}], "public_date": "2024-10-10T20:54:57Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-9180\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-9180\nhttps://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565"], "threat_severity": "Important"}