CVE-2024-8185 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-8185 PUBLISHED

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.

EPSS 0.81% · 74.2th percentile

Risk Scores

EPSS Score

0.81%

74.2th percentile

Affected Products

Vendor	Product	Versions
Bitnami	vault	1.2.0
Bitnami	vault	1.2.0

Timeline

Oct 30, 2024 CVE Published
Oct 31, 2024 Coalition ESS Score
Oct 31, 2024 PoC Published
Oct 31, 2024 CVE Updated
Nov 1, 2024 EPSS Score
Nov 1, 2024 Coalition ESS Score
Nov 19, 2024 EPSS Score
Dec 7, 2024 EPSS Score
Dec 25, 2024 EPSS Score
Jan 11, 2025 EPSS Score
Jan 29, 2025 EPSS Score
Feb 15, 2025 EPSS Score

References

Open in Interactive Console →