A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.
History
Fri, 18 Oct 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. | A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. |
Thu, 17 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:* | |
Fri, 11 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Hashicorp, Hashicorp vault | |
CPEs | cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:* cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:* | |
Vendors & Products | Hashicorp, Hashicorp vault | |
Metrics | ssvc | |
Fri, 11 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Metrics | threat_severity | threat_severity |
Thu, 10 Oct 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. | |
Title | Vault Operators in Root Namespace May Elevate Their Privileges | |
Weaknesses | CWE-266 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2024-10-10T20:54:57.084Z
Updated: 2024-11-08T22:27:31.042Z
Reserved: 2024-09-25T18:00:56.306Z
Link: CVE-2024-9180
Vulnrichment
Updated: 2024-10-11T15:40:37.841Z
NVD
Status: Modified
Published: 2024-10-10T21:15:05.010
Modified: 2024-10-18T20:15:03.393
Link: CVE-2024-9180
Redhat