Vulnerability CVE-2024-9180
Published: 2024-10-10

Description:
A privileged Vault operator with write permissions to the root namespace??s identity endpoint could escalate their privileges to Vault??s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.

 References:
https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565
Copyright 2026, cxsecurity.com

 

Back to Top