PT-2024-7644 · Hashicorp+3 · Vault Community+4

Published

2024-10-31

Updated

2025-11-13

CVE-2024-8185

CVSS v4.0

8.7 (High)

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Vault Community versions prior to 1.18.1
Vault Enterprise versions prior to 1.18.1, 1.17.8, and 1.16.12
Description

The vulnerability lies in the Raft consensus implementation used by the Integrated Storage backend of HashiCorp Vault and Vault Enterprise: incorrect handling of requests from nodes joining the cluster allows unbounded resource consumption. A remote attacker can exploit this to cause a denial of service (DoS) through memory exhaustion. By sending a large volume of requests to the Raft cluster join API endpoint, an attacker can make Vault consume excessive system memory, potentially crashing the Vault process and the underlying system.
Recommendations

Vault Community versions prior to 1.18.1: update to version 1.18.1 or later.
Vault Enterprise versions prior to 1.18.1: update to version 1.18.1 or later.
Vault Enterprise versions prior to 1.17.8: update to version 1.17.8 or later.
Vault Enterprise versions prior to 1.16.12: update to version 1.16.12 or later.

As a temporary workaround, consider restricting access to the Raft cluster join API endpoint to minimize the risk of exploitation.
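As an added example (not HashiCorp's code), the checker below maps a deployed Vault's version string to the fixed releases listed above and reports which update is required. It assumes version strings of the form `1.17.3` or `1.17.3+ent` (an optional `v` prefix and `+ent`/`+ent.hsm` suffix are accepted; the suffix is taken to mark an Enterprise build).

```python
"""Map a Vault version string to the CVE-2024-8185 fix status.

Added example, not HashiCorp's code. Fixed versions come from the advisory;
the version-string format ("1.17.3", "v1.17.3+ent", "1.17.3+ent.hsm") is an
assumption about how the build reports itself.
"""
import re
from typing import Optional, Tuple

# Minimum fixed release per branch. Community only has a fix on 1.18.x, so
# every older Community branch is "prior to 1.18.1" and therefore affected.
FIXED_ENTERPRISE = {(1, 18): (1, 18, 1), (1, 17): (1, 17, 8), (1, 16): (1, 16, 12)}
FIXED_COMMUNITY = {(1, 18): (1, 18, 1)}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(\+ent(?:\.[a-z]+)*)?$")


def parse_version(version: str) -> Tuple[Tuple[int, int, int], bool]:
    """Return ((major, minor, patch), is_enterprise); reject unknown formats."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Vault version: {version!r}")
    return (int(m[1]), int(m[2]), int(m[3])), m[4] is not None


def is_affected(version: str) -> bool:
    """True if the build still carries the vulnerable Raft join handling."""
    triple, enterprise = parse_version(version)
    fixed = FIXED_ENTERPRISE if enterprise else FIXED_COMMUNITY
    branch_fix = fixed.get(triple[:2])
    if branch_fix is not None:
        return triple < branch_fix          # same branch: compare patch level
    # No fix on this branch: older than the newest fix means affected,
    # newer than the newest fixed branch means the fix is already included.
    return triple < max(fixed.values())


def required_update(version: str) -> Optional[str]:
    """Smallest fixed release to move to, or None if not affected."""
    if not is_affected(version):
        return None
    triple, enterprise = parse_version(version)
    fixed = FIXED_ENTERPRISE if enterprise else FIXED_COMMUNITY
    target = fixed.get(triple[:2], max(fixed.values()))
    return ".".join(map(str, target)) + ("+ent" if enterprise else "")


if __name__ == "__main__":
    for v in ("1.17.3", "1.18.0+ent", "1.16.12+ent", "1.19.0"):
        print(v, "->", required_update(v) or "not affected")
```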

Fix

DoS

Weakness Enumeration

Related Identifiers

ALT-PU-2024-17120
ALT-PU-2024-17177
ALT-PU-2024-17272
ALT-PU-2024-17791
BDU:2024-09085
BIT-VAULT-2024-8185
CVE-2024-8185
GHSA-G233-2P4R-3Q7V
GO-2024-3246
OPENSUSE-SU-2024:0350-1
OPENSUSE-SU-2024:14452-1
OPENSUSE-SU-2024_3950-1
SUSE-SU-2024:3950-1

Affected Products

Alt Linux
Red Os
Suse
Vault Community
Vault Enterprise