VDB
WID-SEC-W-2023-0627
WID-SEC-W-2023-0627
PUBLISHED
CVSS 8.699999809265137 HIGH
Vault ist ein identitätsbasiertes System zur Verwaltung von Geheimnissen und Verschlüsselung.
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hashicorp Vault < 1.11.8 | ||
| Hashicorp Vault < 1.10.11 | ||
| Hashicorp Vault < 1.13.0 | ||
| Hashicorp Vault < 1.12.4 |
Timeline
- Mar 12, 2023 CVE Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0627.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0627 advisory
- https://discuss.hashicorp.com/t/hcsec-2023-07-vault-fails-to-verify-if-approle-secretid-belongs-to-role-during-a-destroy-operation/51305 url