VDB
WID-SEC-W-2023-0795
WID-SEC-W-2023-0795
PUBLISHED
CVSS 8.699999809265137 HIGH
Vault ist ein identitätsbasiertes System zur Verwaltung von Geheimnissen und Verschlüsselung.
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hashicorp Vault < 1.13.1 | ||
| Hashicorp Vault < 1.12.5 | ||
| Hashicorp Vault < 1.11.9 |
Timeline
- Mar 29, 2023 CVE Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0795.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0795 advisory
- https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080 url
- https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079 url
- https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078 url