CVE-2023-2121

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-2121

Severity

Unknown

Description

Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.

References

https://images.chainguard.dev/security/CGA-rqp2-7frh-8x2p
https://github.com/advisories/GHSA-gq98-53rq-qr5h
https://images.chainguard.dev/security/CGA-6275-53hr-7vxh
https://images.chainguard.dev/security/CGA-rp2c-4c94-j3g6
https://images.chainguard.dev/security/CGA-82px-p7vg-j827
https://images.chainguard.dev/security/CGA-548r-2p5f-vj34
https://images.chainguard.dev/security/CGA-q94f-mgxm-3v38
https://images.chainguard.dev/security/CGA-6qf6-2cwj-4v55
https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2023-2121

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources