HashiCorp recently published a security advisory outlining a critical vulnerability in its Vault secret management platform. Identified as CVE-2024-9180, this vulnerability has a CVSSv3 score of 7.2, marking it as high-severity. If exploited, this flaw could allow attackers to escalate privileges to obtain the root policy in Vault, presenting a significant risk.
How CVE-2024-9180 Works
According to HashiCorp, the vulnerability originates from how Vault processes entries in its in-memory entity cache. If an attacker has write access to the root namespace’s identity endpoint, they could exploit this flaw by altering their cached entity record through the identity API. This manipulation could give the attacker elevated privileges, potentially granting them the root policy on the compromised node.
Read more about CVE-2024-9180 on the National Vulnerability Database (NVD).
Impact of the HashiCorp Vault Vulnerability
If exploited, this vulnerability could allow attackers to gain full control of the Vault instance. Such access would expose sensitive data and possibly disrupt essential operations. However, the impact remains limited to the affected node: manipulated entity records are not propagated across the Vault cluster and do not persist in the storage backend, so restarting the affected node discards them.
This vulnerability also affects only entities within the root namespace, leaving standard and administrative namespaces unaffected. HashiCorp clarified that HCP Vault Dedicated is also safe, as it uses administrative namespaces that are not vulnerable.
Recommended Actions and Available Patches
HashiCorp recommends that all Vault users assess their risk level and consider updating to the patched versions below:
- Vault Community Edition: 1.18.0
- Vault Enterprise: 1.18.0, 1.17.7, 1.16.11, 1.15.16
For users unable to upgrade immediately, HashiCorp suggests alternative measures to minimize risk. Users can apply Sentinel EGP policies or adjust the default policy to limit access to the identity endpoint. Additionally, monitoring Vault’s audit logs for entries showing “root” in the identity_policies array can help detect possible exploitation attempts.
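The audit-log check described above can be automated. The following script is an added example, not code from HashiCorp or the advisory: it reads Vault audit log entries (JSON, one object per line) and flags any entry whose identity-derived policies contain “root”. It keys on the `auth.identity_policies` field of the audit log and deliberately ignores `auth.token_policies`, because a genuine root token legitimately carries “root” there, while a “root” policy arriving via identity is the indicator the advisory points to. The sample log lines are constructed for the example.

```python
"""Scan a Vault audit log (JSON lines) for entries whose identity-derived
policies include "root", the indicator HashiCorp names for CVE-2024-9180.

Added example; the sample entries below are constructed, not real logs.
"""
import json

# Constructed sample audit entries. The layout follows Vault's audit log:
# a top-level "auth" object carrying "token_policies" and "identity_policies",
# and a "request" object with the accessed path.
SAMPLE_AUDIT_LOG = "\n".join([
    # Ordinary user: identity policies come from its group/entity, no root.
    json.dumps({"type": "response", "time": "2024-10-10T12:00:01Z",
                "auth": {"display_name": "userpass-alice", "entity_id": "entity-a",
                         "token_policies": ["default"],
                         "identity_policies": ["dev-read"]},
                "request": {"path": "secret/data/app"}}),
    # Suspicious: "root" granted through the identity layer, not the token.
    json.dumps({"type": "response", "time": "2024-10-10T12:00:05Z",
                "auth": {"display_name": "userpass-bob", "entity_id": "entity-b",
                         "token_policies": ["default"],
                         "identity_policies": ["root"]},
                "request": {"path": "sys/policies/acl/admin"}}),
    # Genuine root token: "root" in token_policies only, identity_policies null.
    json.dumps({"type": "response", "time": "2024-10-10T12:00:09Z",
                "auth": {"display_name": "root", "token_policies": ["root"],
                         "identity_policies": None},
                "request": {"path": "sys/health"}}),
    "this line is not JSON and must not stop the scan",
])


def identity_policies(entry: dict) -> list:
    """Return the identity-derived policies of one audit entry.

    Vault emits null (or omits the key) when an entity has no policies, so
    both cases normalise to an empty list.
    """
    auth = entry.get("auth") or {}
    policies = auth.get("identity_policies") or []
    return [p for p in policies if isinstance(p, str)]


def scan_audit_log(text: str) -> list:
    """Return one summary dict per entry that carries "root" via identity."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            # A malformed line is worth noting, but should not abort the scan.
            continue
        if "root" in identity_policies(entry):
            auth = entry.get("auth") or {}
            hits.append({
                "line": lineno,
                "time": entry.get("time"),
                "entity_id": auth.get("entity_id"),
                "display_name": auth.get("display_name"),
                "path": (entry.get("request") or {}).get("path"),
                "identity_policies": identity_policies(entry),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_audit_log(SAMPLE_AUDIT_LOG):
        print("ALERT: root policy granted via identity:", hit)
```

Pointing the scan at a real `vault audit` file device output (one JSON object per line) is a matter of replacing `SAMPLE_AUDIT_LOG` with the file contents; a hit on a node that is still on an affected version is the signal to restart that node and review the entity in question.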
For further information on securing Vault, see HashiCorp’s official documentation.
HashiCorp urges affected users to act quickly to mitigate this risk.