12 matches found
EUVD-2023-1807
Malicious code in bioql PyPI...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Cross-site Scripting in Vault (CVE-2023-2121)
Summary Vault is used by IBM Storage Fusion Data Foundation in mcg, ocs, odr, cephcsi, multicluster, and odr operators as part of credential management. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-2121. Vulnerability...
Hashicorp Vault vulnerable to Cross-site Scripting
Vault and Vault Enterprise's Vault key-value v2 kv-v2 diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11...
GHSA-GQ98-53RQ-QR5H Hashicorp Vault vulnerable to Cross-site Scripting
Vault and Vault Enterprise's Vault key-value v2 kv-v2 diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11...
CVE-2023-2121 vulnerabilities
Vulnerabilities for packages: k3d...
CVE-2023-2121 vulnerabilities
Vulnerabilities for packages: k3d...
CVE-2023-2121
Vault and Vault Enterprise's Vault key-value v2 kv-v2 diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11...
Input validation
Vault and Vault Enterprise's Vault key-value v2 kv-v2 diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11...
CVE-2023-2121 Vault’s KV Diff Viewer Allowed for HTML Injection
Vault and Vault Enterprise's Vault key-value v2 kv-v2 diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11...
CVE-2023-2121
The CVE-2023-2121 issue affects HashiCorp Vault and Vault Enterprise, stemming from the key-value v2 (kv-v2) diff viewer and improper input handling that allowed HTML injection in the Vault web UI. The vulnerability could enable cross-site scripting through user-supplied values rendered by the di...
CVE-2023-2121 Vault’s KV Diff Viewer Allowed for HTML Injection
Vault and Vault Enterprise's Vault key-value v2 kv-v2 diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11...
Vault’s KV Diff Viewer Allowed HTML Injection
Summary Vault and Vault Enterprise’s Vault key-value v2 kv-v2 diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11. Background Vault 1.10.0 introduced the ability to easily review the...