Lucene search
PRIOn knowledge basePRION:CVE-2023-4680HistorySep 15, 2023 - 12:15 a.m.
Design/Logic Flaw
2023-09-1500:15:00
PRIOn knowledge base
www.prio-n.com
9
hashicorp
vault
transit secrets engine
arbitrary nonces
convergent encryption
decryption
authentication subkey
nvd
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
Related
cgr
cgr
CVE-2023-4680 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2023-4680
2023-09-15 00:15:07
github
github
HashiCorp Vault Improper Input Validation vulnerability
2023-09-15 00:30:29
cvelist
cvelist
osv
osv
CVE-2023-4680
2023-09-15 00:15:07
HashiCorp Vault Improper Input Validation vulnerability
2023-09-15 00:30:29
BIT-vault-2023-4680
2024-03-06 11:08:32
veracode
veracode
Improper Input Validation
2023-09-20 06:14:59
alpinelinux
alpinelinux
CVE-2023-4680
2023-09-15 00:15:07
wolfi
wolfi
CVE-2023-4680 vulnerabilities
2024-06-17 21:08:19
nvd
nvd
CVE-2023-4680
2023-09-15 00:15:07
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-10-25 20:24:23