BIT-vault-2024-9180
Remote Code Execution vulnerability in vault (Go)
What is BIT-vault-2024-9180 About?
This vulnerability in jsonpath-plus allows for Remote Code Execution due to improper input sanitization. Attackers can execute arbitrary code on the system, making it a severe threat. Exploitation is relatively easy given the unsafe default usage of `vm` in Node.
Affected Software
Technical Details
The jsonpath-plus package, in versions prior to 10.0.7, does not properly sanitize input, leading to a Remote Code Execution (RCE) flaw. Specifically, the vulnerability arises from the unsafe default usage of the vm module in Node. An attacker can craft malicious input that, when processed by jsonpath-plus, results in the execution of arbitrary code on the underlying system. Despite previous attempts to patch similar issues, alternative payloads found by researchers indicate that the vulnerability persists, allowing for a bypass of earlier fixes.
What is the Impact of BIT-vault-2024-9180?
Successful exploitation may allow attackers to execute arbitrary code on the underlying system, gain full control over the compromised application or server, and potentially access sensitive data or pivot to other systems within the network.
What is the Exploitability of BIT-vault-2024-9180?
Exploitation of this vulnerability is considered to be of medium complexity, primarily due to the existence of known proof-of-concept exploits and the persistence of the issue through different payloads. No specific authentication or high privilege levels are explicitly mentioned as prerequisites for exploitation, suggesting that an attacker might be able to trigger this remotely through crafted input. Exploitation is likely carried out via remote access, by supplying specially crafted malformed data that is processed by the vulnerable component. The primary risk factors increasing exploitation likelihood are the widespread use of vulnerable versions and the knowledge of bypass techniques for prior fixes.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for BIT-vault-2024-9180?
Available Upgrade Options
- github.com/hashicorp/vault
  - <1.18.0 → Upgrade to 1.18.0
Additional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2024-9180
- https://osv.dev/vulnerability/GO-2024-3191
- https://discuss.hashicorp.com/t/hcsec-2024-21-vault-operators-in-root-namespace-may-elevate-their-privileges/70565
- https://github.com/hashicorp/vault
- https://github.com/advisories/GHSA-rr8j-7w34-xp5j
- https://pkg.go.dev/vuln/GO-2024-3191
What are Similar Vulnerabilities to BIT-vault-2024-9180?
Similar Vulnerabilities: CVE-2023-45803, CVE-2023-46747, CVE-2023-48633, CVE-2023-46816, CVE-2023-43646
