VDB
CVE-2023-0620
CVE-2023-0620
PUBLISHED
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
EPSS 0.15% · 35.8th percentile
Risk Scores
EPSS Score
0.15%
35.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | vault | 0, 1.12.0, 1.13.0 |
| Bitnami | vault | 1.12.0, 1.13.0, 0 |
Timeline
- Mar 29, 2023 CVE Published
- Mar 30, 2023 EPSS Score
- Apr 6, 2023 CVE Updated
- May 7, 2023 EPSS Score
- Jun 14, 2023 EPSS Score
- Jul 23, 2023 EPSS Score
- Aug 30, 2023 EPSS Score
- Oct 7, 2023 EPSS Score
- Nov 14, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
- Jan 29, 2024 EPSS Score
- Mar 8, 2024 EPSS Score