CVE-2024-8185

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-636
View all →

Vulnerability Description

Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint . An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12.

Related Vulnerabilities

CVE-2023-4030

HIGH
CVSS:7.8(High)

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt.

CWE-6362023

CVE-2021-3614

MEDIUM
CVSS:6.8(Medium)

A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physical access to elevate privileges under certain conditions during a BIOS update performed by Lenovo V...

CWE-6362021

CVE-2024-2660

MEDIUM
CVSS:6.4(Medium)

Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. This vulnerability, CVE-2024-2660, affects Vault and Va...

CWE-6362024

CVE-2021-1578

HIGH
CVSS:8.8(High)

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, ...

CWE-6362021

CVE-2021-1578

HIGH
CVSS:8.8(High)

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, ...

CWE-6362021