{
"id": "CVE-2024-9180",
"sourceIdentifier": "security@hashicorp.com",
"published": "2024-10-10T21:15:05.010",
"lastModified": "2024-10-18T20:15:03.393",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privileged Vault operator with write permissions to the root namespace\u2019s identity endpoint could escalate their own or another user\u2019s privileges to Vault\u2019s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16."
},
{
"lang": "es",
"value": "Un operador de Vault privilegiado con permisos de escritura en el endpoint de identidad del espacio de nombres ra\u00edz podr\u00eda escalar sus propios privilegios o los de otro usuario a la pol\u00edtica ra\u00edz de Vault. Corregido en Vault Community Edition 1.18.0 y Vault Enterprise 1.18.0, 1.17.7, 1.16.11 y 1.15.16."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@hashicorp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@hashicorp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.7.7",
"versionEndIncluding": "1.17.7",
"matchCriteriaId": "7C3A4160-F4D5-4447-B637-ADB46ECA6191"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.7.7",
"versionEndExcluding": "1.18.0",
"matchCriteriaId": "B1A3560F-6E15-4CB4-AD63-019E7C499369"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.15.0",
"versionEndExcluding": "1.15.16",
"matchCriteriaId": "6A11834C-76C4-4D8A-8493-D2331334B823"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.16.0",
"versionEndExcluding": "1.16.11",
"matchCriteriaId": "137EE5AE-4532-40C5-AAFD-45BC897A216C"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565",
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
]
}
]
}