CVE-2023-0665 Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata

🗓️ 30 Mar 2023 00:21:47Reported by HashiCorpType

Vault PKI Issuer Endpoint Authorization Bug in CVE-2023-0665

Reporter	Title	Published	Views	Family All 26
IBM Security Bulletins	Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Improper and Incorrect Authorization and SQL Injection in Vault (CVE-2023-0665, CVE-2023-24999, CVE-2023-0620)	4 Apr 202521:24	–	ibm
Chainguard	CVE-2023-0665 vulnerabilities	30 Mar 202301:15	–	cgr
CNNVD	HashiCorp Vault 安全漏洞	30 Mar 202300:00	–	cnnvd
CVE	CVE-2023-0665	30 Mar 202300:21	–	cve
EUVD	EUVD-2023-1040	3 Oct 202520:07	–	euvd
Github Security Blog	HashiCorp Vault's PKI mount vulnerable to denial of service	30 Mar 202303:30	–	github
NVD	CVE-2023-0665	30 Mar 202301:15	–	nvd
OSV	BIT-VAULT-2023-0665 Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata	6 Mar 202411:09	–	osv
OSV	CGA-42RQ-9CCW-CM4M	6 Jun 202412:22	–	osv
OSV	CGA-6HJC-XG4C-Q3WG	15 Jul 202421:54	–	osv

[
  {
    "vendor": "HashiCorp",
    "product": "Vault",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux",
      "x86",
      "ARM",
      "64 bit",
      "32 bit"
    ],
    "repo": "https://github.com/hashicorp/vault",
    "versions": [
      {
        "status": "affected",
        "version": "1.13.0",
        "lessThan": "1.13.1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.12.0",
        "lessThan": "1.12.5",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.11.0",
        "lessThan": "1.11.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "HashiCorp",
    "product": "Vault Enterprise",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux",
      "x86",
      "ARM",
      "64 bit",
      "32 bit"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "1.13.0",
        "lessThan": "1.13.1",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.12.0",
        "lessThan": "1.12.5",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.11.0",
        "lessThan": "1.11.9",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20230526-0008/
discuss	www.discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1

26 May 2023 19:06Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.5

EPSS0.001

CWE-285