CVE-2024-9180

Published: Oct 10, 2024Modified: Dec 31, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.

Affected (5)

Products: Openbao: Openbao · Hashicorp: Vault

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openbao Openbao	Before 2.0.3

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Hashicorp Vault	From 1.7.7 to 1.18.0
Hashicorp Vault	From 1.15.0 to 1.15.16
Hashicorp Vault	From 1.16.0 to 1.16.11
Hashicorp Vault	From 1.7.7 to 1.17.7

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (1)

https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565

Source: security@hashicorp.com

Vendor Advisory

Timeline

No history available yet.