nvd-json-data-feeds/CVE-2024/CVE-2024-91xx/CVE-2024-9180.json

{
  "id": "CVE-2024-9180",
  "sourceIdentifier": "security@hashicorp.com",
  "published": "2024-10-10T21:15:05.010",
  "lastModified": "2024-10-10T21:15:05.010",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@hashicorp.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@hashicorp.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-266"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565",
      "source": "security@hashicorp.com"
    }
  ]
}
Auto-Update: 2024-10-10T22:00:17.541767+00:00 2024-10-10 22:03:16 +00:00			`{`
			`"id": "CVE-2024-9180",`
			`"sourceIdentifier": "security@hashicorp.com",`
			`"published": "2024-10-10T21:15:05.010",`
			`"lastModified": "2024-10-10T21:15:05.010",`
			`"vulnStatus": "Received",`
			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "security@hashicorp.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.2,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 1.2,`
			`"impactScore": 5.9`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "security@hashicorp.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-266"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565",`
			`"source": "security@hashicorp.com"`
			`}`
			`]`
			`}`