DirectorySecurity Advisories
Sign In
Security Advisories

CGA-6qf6-2cwj-4v55

Published

Last updated

https://images.chainguard.dev/security/CGA-6qf6-2cwj-4v55
Package

vault-fips-1.16

Latest Update
Not affected
Aliases
  • CVE-2023-2121
  • GHSA-gq98-53rq-qr5h

Severity

4.3

Medium

CVSS V3

Summary

Hashicorp Vault vulnerable to Cross-site Scripting

Description

Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images