CVE-2023-4680

A flaw was found in HashiCorp Vault and Vault Enterprise, where the transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and...

PT-2023-9602 · Hashicorp +2 · Hashicorp Vault +3

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault and Vault Enterprise versions 1.6.0 through 1.12.10 HashiCorp Vault and Vault Enterprise versions 1.13.0 through 1.13.6 HashiCorp Vault and Vault Enterprise versions 1.14.0 through 1.14.2 Description: The issue is related to...