CGA-6c3m-54pc-wmh5

Published

Last updated

https://images.chainguard.dev/security/CGA-6c3m-54pc-wmh5

Package

vault-fips-1.14

Repository

Chainguard

Latest Update

Fix not planned

Aliases

GHSA-rr8j-7w34-xp5j

Severity

7.2

High

CVSS V3

Summary

Vault Community Edition privilege escalation vulnerability

Description

A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11, and 1.15.16

References

https://github.com/advisories/GHSA-rr8j-7w34-xp5j
https://nvd.nist.gov/vuln/detail/CVE-2024-9180
https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565
https://github.com/hashicorp/vault
https://pkg.go.dev/vuln/GO-2024-3191

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-6c3m-54pc-wmh5

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources