CVE-2023-0665

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-0665

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0665.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0665

Aliases

Related

CGA-fpvp-m2vp-cg65

Published

2023-03-30T01:15:07.437Z

Modified

2026-04-10T04:53:57.387110Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type

GIT

Repo

https://github.com/hashicorp/vault

Events

Introduced

Fixed

3eed40f0ee74c44f439c2277e010a234eecc491b

Introduced

Fixed

3eed40f0ee74c44f439c2277e010a234eecc491b

Introduced

558abfa75702b5dab4c98e86b802fb9aef43b0eb

Fixed

acc381a27bf365353b1b325838f7f1c273175788

Introduced

558abfa75702b5dab4c98e86b802fb9aef43b0eb

Fixed

acc381a27bf365353b1b325838f7f1c273175788

Introduced

a4cf0dc4437de35fce4860857b64569d092a9b5a

Fixed

4472e4a3fbcc984b7e3dc48f5a8283f3efe6f282

Introduced

a4cf0dc4437de35fce4860857b64569d092a9b5a

Fixed

4472e4a3fbcc984b7e3dc48f5a8283f3efe6f282

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.11.9"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "1.11.9"
        },
        {
            "introduced": "1.12.0"
        },
        {
            "fixed": "1.12.5"
        },
        {
            "introduced": "1.12.0"
        },
        {
            "fixed": "1.12.5"
        },
        {
            "introduced": "1.13.0"
        },
        {
            "fixed": "1.13.1"
        },
        {
            "introduced": "1.13.0"
        },
        {
            "fixed": "1.13.1"
        }
    ]
}

Affected versions

api/auth/approle/v0.*

api/auth/approle/v0.1.0

api/auth/approle/v0.1.1

api/auth/aws/v0.*

api/auth/aws/v0.1.0

api/auth/azure/v0.*

api/auth/azure/v0.1.0

api/auth/gcp/v0.*

api/auth/gcp/v0.1.0

api/auth/kubernetes/v0.*

api/auth/kubernetes/v0.1.0

api/auth/ldap/v0.*

api/auth/ldap/v0.1.0

api/auth/userpass/v0.*

api/auth/userpass/v0.1.0

api/v1.*

api/v1.0.1

api/v1.0.2

api/v1.0.3

api/v1.0.4

api/v1.1.1

api/v1.2.0

api/v1.3.1

api/v1.5.0

api/v1.6.0

Other

last-go-modable

main-creation

sdk/v0.*

sdk/v0.1.10

sdk/v0.1.11

sdk/v0.1.12

sdk/v0.1.13

sdk/v0.1.8

sdk/v0.1.9

sdk/v0.2.1

sdk/v0.3.0

sdk/v0.4.1

sdk/v0.5.0

sdk/v0.5.2

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.10.0

v0.10.0-rc1

v0.10.1

v0.10.2

v0.10.3

v0.10.4

v0.11.0

v0.11.0-beta1

v0.11.1

v0.11.2

v0.2.0

v0.2.0.rc1

v0.3.0

v0.3.0-rc

v0.3.1

v0.4.0

v0.4.0-rc1

v0.5.0

v0.5.0-rc1

v0.5.0-rc1.1

v0.5.0-rc1.2

v0.5.0-rc2

v0.5.1

v0.5.2

v0.6.0

v0.6.0-beta1

v0.6.0-beta2

v0.6.0-rc1

v0.6.0-rebuild

v0.6.1

v0.6.1-rc1

v0.6.1-rc2

v0.6.1-rc3

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.7.0

v0.7.0-beta1

v0.7.1

v0.7.2

v0.7.3

v0.8.0

v0.8.0-beta1

v0.8.0-rc1

v0.8.1

v0.8.2

v0.8.3

v0.9.0

v0.9.1

v0.9.2

v0.9.4

v0.9.5

v0.9.6

v1.*

v1.0.0

v1.0.0-beta1

v1.0.0-beta2

v1.0.0-rc1

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.0-beta1

v1.1.0-beta2

v1.1.1

v1.11.0

v1.11.0-rc1

v1.11.1

v1.11.2

v1.11.3

v1.11.4

v1.11.5

v1.11.6

v1.11.7

v1.11.8

v1.12.0

v1.12.1

v1.12.2

v1.12.3

v1.12.4

v1.13.0

v1.2.0

v1.2.0-beta1

v1.2.0-beta2

v1.2.0-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0665.json"