Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-4680HistorySep 15, 2023 - 12:15 a.m.
CVE-2023-4680
2023-09-1500:15:07
Alpine Linux Development Team
security.alpinelinux.org
5
hashicorp vault
vault enterprise
transit secrets engine
authorized users
convergent encryption
offline attack
ciphertext
authentication subkey
arbitrary nonces
unix
0.0005 Low
EPSS
Percentile
17.9%
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.18-community | noarch | vault | = 1.13.5-r3 | UNKNOWN |
Related
cve
cve
CVE-2023-4680
2023-09-15 00:15:07
prion
prion
Design/Logic Flaw
2023-09-15 00:15:00
cgr
cgr
CVE-2023-4680 vulnerabilities
2024-05-19 03:07:16
github
github
HashiCorp Vault Improper Input Validation vulnerability
2023-09-15 00:30:29
cvelist
cvelist
veracode
veracode
Improper Input Validation
2023-09-20 06:14:59
osv
osv
CVE-2023-4680
2023-09-15 00:15:07
HashiCorp Vault Improper Input Validation vulnerability
2023-09-15 00:30:29
BIT-vault-2023-4680
2024-03-06 11:08:32
wolfi
wolfi
CVE-2023-4680 vulnerabilities
2024-06-18 15:21:56
nvd
nvd
CVE-2023-4680
2023-09-15 00:15:07
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-10-25 20:24:23