// For flags

CVE-2024-8185

Vault Vulnerable to Denial of Service When Processing Raft Join Requests

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself.

This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-08-26 CVE Reserved
  • 2024-10-31 CVE Published
  • 2024-11-01 CVE Updated
  • 2024-11-01 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-636: Not Failing Securely ('Failing Open')
CAPEC
  • CAPEC-469: HTTP DoS
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
HashiCorp
Search vendor "HashiCorp"
Vault
Search vendor "HashiCorp" for product "Vault"
>= 1.2.0 < 1.18.1
Search vendor "HashiCorp" for product "Vault" and version " >= 1.2.0 < 1.18.1"
en
Affected
HashiCorp
Search vendor "HashiCorp"
Vault Enterprise
Search vendor "HashiCorp" for product "Vault Enterprise"
>= 1.2.0 < 1.18.1
Search vendor "HashiCorp" for product "Vault Enterprise" and version " >= 1.2.0 < 1.18.1"
en
Affected