CVE-2023-0665


HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.


Published: 2023-03-30T01:15:07.437

Last Modified: 2024-11-21T07:37:35.217

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-285
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products
Type         Vendor     Product  Version/Range  Vulnerable?
Application  hashicorp  vault    < 1.11.9       Yes
Application  hashicorp  vault    < 1.12.5       Yes
Application  hashicorp  vault    < 1.13.1       Yes

References