CVE-2023-0665

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-0665

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0665.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0665

Aliases

Related

Withdrawn

2024-05-15T05:32:52.108942Z

Published

2023-03-30T01:15:07Z

Modified

2024-08-20T20:58:39.031595Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/vault
Events: Introduced

558abfa75702b5dab4c98e86b802fb9aef43b0eb

Fixed

acc381a27bf365353b1b325838f7f1c273175788

Introduced

a4cf0dc4437de35fce4860857b64569d092a9b5a

Affected versions

v1.*

v1.12.0

v1.12.1

v1.12.2

v1.12.3

v1.12.4