Security Advisories

CVE-2023-0620

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-0620

Severity

Unknown

Description

HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.

This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.

References

  • https://images.chainguard.dev/security/CGA-gg8m-cjr9-3275

Affected packages

