Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2023-0690
HistoryFeb 08, 2023 - 7:15 p.m.

CVE-2023-0690

2023-02-0819:15:11
Google
osv.dev
4
hashicorp boundary
plaintext credentials
encryption
kms
automatic rotation
software
security issue

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file,Β new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk.

This issue is fixed in version 0.12.0.

Related

cve 1
osv 1
cvelist 1
github 1
veracode 1
nvd 1
prion 1
cve
cve
CVE-2023-0690
2023-02-08 19:15:11
osv
osv
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
2023-07-06 19:24:09
cvelist
cvelist
CVE-2023-0690 Boundary Workers Store Rotated Credentials in Plaintext Even When a Key Management Service Configured
2023-02-08 18:27:33
github
github
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
2023-07-06 19:24:09
veracode
veracode
Information Disclosure
2023-02-13 02:06:31
nvd
nvd
CVE-2023-0690
2023-02-08 19:15:11
prion
prion
Design/Logic Flaw
2023-02-08 19:15:00

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for OSV:CVE-2023-0690
cve1osv1cvelist1github1veracode1nvd1prion1