CVE-2024-9180

ADVISORY - github

Summary

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.

EPSS Score: 0.00302 (0.531)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Incorrect Privilege Assignment

ADVISORY - github

Incorrect Privilege Assignment

ADVISORY - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Incorrect Privilege Assignment

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

Incorrect Privilege Assignment


NIST

CREATED

UPDATED

ADVISORY ID

CVE-2024-9180

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.2 high

GitHub

CREATED

UPDATED

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

8.6 high

GoLang

CREATED

UPDATED

ADVISORY ID

GO-2024-3191

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2024-9180

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.2 high

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-vault-2024-9180

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-

CVSS SCORE

7.2 high

Red Hat

CREATED

UPDATED

ADVISORY ID

CVE-2024-9180

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.2 high

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-9mc2-fx8q-8mwx

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM ADVISORY