CGA-42rq-9ccw-cm4m

Published

Last updated

https://images.chainguard.dev/security/CGA-42rq-9ccw-cm4m

Package

vault-fips-1.14

Latest Update

Not affected

Aliases

CVE-2023-0665
GHSA-hwc3-3qh6-r4gg

Severity

6.5

Medium

CVSS V3

Summary

HashiCorp Vault's PKI mount vulnerable to denial of service

Description

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-0665
https://github.com/advisories/GHSA-hwc3-3qh6-r4gg
https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1
https://github.com/hashicorp/vault
https://security.netapp.com/advisory/ntap-20230526-0008

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-42rq-9ccw-cm4m

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources