CVE-2024-9180 — Vulnetix

CVE-2024-9180 PUBLISHED

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.

EPSS 0.30% · 53.9th percentile

Risk Scores

EPSS Score

0.30%

53.9th percentile

Affected Products

Vendor	Product	Versions
Bitnami	vault	1.7.7
Bitnami	vault	1.7.7

Exploit Intelligence

CIRCL seen: CVE-2024-9180 (circl-sighting)
https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565 (circl)

Timeline

Oct 10, 2024 CVE Published
Oct 11, 2024 EPSS Score
Oct 11, 2024 PoC Published
Oct 14, 2024 Coalition ESS Score
Oct 17, 2024 Coalition ESS Score
Oct 17, 2024 Coalition ESS Score
Oct 18, 2024 Coalition ESS Score
Oct 30, 2024 EPSS Score
Nov 18, 2024 EPSS Score
Dec 7, 2024 EPSS Score
Dec 26, 2024 EPSS Score
Jan 14, 2025 EPSS Score

References

https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565 url
https://nvd.nist.gov/vuln/detail/CVE-2024-9180 url

Open in Interactive Console →