HIGH🇵🇱 Wersja polska

CVE-2024-8185

CVSS 7.5v3.1pub. 2024-10-31upd. 2025-11-13

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Hashicorp Vault

    APP
    Hashicorp
    1.18.01.2.0 – 1.16.12 (bez)1.2.0 – 1.18.1 (bez)1.17.0 – 1.17.8 (bez)
  • Openbao

    APP
    Openbao
    < 2.0.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-33757CRITICAL9.6PL ✓ten sam produkt

OpenBao: zdalne phishing przez JWT/OIDC bez potwierdzenia logowania

CVE-2026-33758CRITICAL9.4PL ✓ten sam produkt

XSS w OpenBao — kradzież tokenu Web UI przez parametr error_description

CVE-2025-54997CRITICAL9.1PL ✓ten sam produkt

OpenBao: ominięcie restrykcji przez subsystem audytu — RCE i dostęp sieciowy

CVE-2025-6000CRITICAL9.1PL ✓ten sam produkt

HashiCorp Vault: RCE przez uprzywilejowanego operatora via sys/audit

CVE-2022-40186CRITICAL9.1ten sam produkt

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity...

CVE-2024-8185 — Hashicorp — Vault — HIGH — CVSS 7.5 | CVEbaza.pl