Openbao
CVE-2024-9180
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16.
AnalysisAI
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-266. A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16. Affected products include: Openbao, Hashicorp Vault.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when con
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. Rated high severity
OpenBao versions before 2.3.0 contain an unauthenticated denial-of-service vulnerability in the root rekey and recovery
OpenBao is an open source identity-based secrets management system. Rated high severity (CVSS 7.5), this vulnerability i
Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a den
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi
Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi
Disk exhaustion via decompression bomb in OpenBao's OCI plugin downloader allows network attackers to exhaust victim dis
OpenBao versions prior to 2.5.3 allow high-privileged administrators in one tenant to revoke or renew authentication tok
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certifi
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today