CVE-2024-8185

CVE-2024-8185 PUBLISHED

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack that exhausts memory through a Raft cluster join API endpoint. An attacker may send a large volume of requests to the endpoint, which may cause Vault to consume excessive system memory, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.

EPSS 0.81% · 74.7th percentile

Affected Products

Vendor   Product  Versions
Bitnami  vault    1.2.0

Timeline

  • Oct 30, 2024 CVE Published
  • Oct 31, 2024 Coalition ESS Score
  • Oct 31, 2024 PoC Published
  • Oct 31, 2024 CVE Updated
  • Nov 1, 2024 EPSS Score
  • Nov 1, 2024 Coalition ESS Score
  • Nov 19, 2024 EPSS Score
  • Dec 8, 2024 EPSS Score
  • Dec 26, 2024 EPSS Score
  • Jan 13, 2025 EPSS Score
  • Jan 31, 2025 EPSS Score
  • Feb 18, 2025 EPSS Score