Lucene search
K

5 matches found

Chainguard
Chainguard
added 2023/09/15 12:15 a.m.47 views

CVE-2023-4680 vulnerabilities

Vulnerabilities for packages: vault...

6.8CVSS7AI score0.00368EPSS
Exploits0
Wolfi
Wolfi
added 2023/09/15 12:15 a.m.47 views

CVE-2023-4680 vulnerabilities

Vulnerabilities for packages: vault...

6.8CVSS7.1AI score0.00368EPSS
Exploits0
Cvelist
Cvelist
added 2023/09/14 11:6 p.m.32 views

CVE-2023-4680 Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/14 11:6 p.m.21 views

CVE-2023-4680 Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the...

6.8CVSS7.4AI score0.00368EPSS
Exploits0References1
CVE
CVE
added 2023/09/14 11:6 p.m.653 views

CVE-2023-4680

CVE-2023-4680 affects HashiCorp Vault/Vault Enterprise transit secrets engine. The vulnerability allows an authorized user to specify arbitrary nonces, even when convergent encryption is disabled. The encrypt endpoint, with an offline attack, could decrypt arbitrary ciphertext and potentially der...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder