CVE-2024-9180 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-9180 PUBLISHED

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.

EPSS 0.30% · 53.3th percentile

Risk Scores

EPSS Score

0.30%

53.3th percentile

Affected Products

Vendor	Product	Versions
Bitnami	vault	1.7.7
Bitnami	vault	1.7.7

Timeline

Oct 10, 2024 CVE Published
Oct 11, 2024 EPSS Score
Oct 11, 2024 PoC Published
Oct 14, 2024 Coalition ESS Score
Oct 17, 2024 Coalition ESS Score
Oct 17, 2024 Coalition ESS Score
Oct 18, 2024 Coalition ESS Score
Oct 29, 2024 EPSS Score
Nov 16, 2024 EPSS Score
Dec 6, 2024 EPSS Score
Dec 24, 2024 EPSS Score
Jan 11, 2025 EPSS Score

References

Open in Interactive Console →