CVE-2023-0665

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-0665

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0665.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-0665

Aliases

Related

CGA-fpvp-m2vp-cg65

Published

2023-03-30T01:15:07.437Z

Modified

2026-02-13T02:34:49.945397Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

References

Affected packages

Git / github.com/hashicorp/vault

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/vault
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3eed40f0ee74c44f439c2277e010a234eecc491b

Introduced

558abfa75702b5dab4c98e86b802fb9aef43b0eb

Fixed

acc381a27bf365353b1b325838f7f1c273175788

Introduced

a4cf0dc4437de35fce4860857b64569d092a9b5a

Fixed

4472e4a3fbcc984b7e3dc48f5a8283f3efe6f282

Affected versions

v1.*

v1.12.0

v1.12.1

v1.12.2

v1.12.3

v1.12.4

v1.13.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0665.json"