Vault
CVE-2023-0665
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
1DescriptionNVD
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
AnalysisAI
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-285. HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9. Affected products include: Hashicorp Vault.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when con
The official vault docker images before 0.11.6 contain a blank password for a root user. Rated critical severity (CVSS 9
HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly gener
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. Rated critical severity (CVSS 9.1), this
HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthent
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing neste
Token leakage in HashiCorp Vault and Vault Enterprise (0.11.2 up to 2.0.0, 1.21.5, 1.20.10, and 1.19.16) occurs when an
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. Rated high severity
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vuln
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vuln
HashiCorp Vault's KVv2 secrets engine allows authenticated users with glob-based policy access to delete secrets outside
Same weakness CWE-285 – Improper Authorization
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today