github.com/hashicorp/vault is vulnerable to Improper Authorization. The vulnerability exists because the PKI mount issuer endpoints do not correctly authorize access to remove an issuer or modify issuer metadata which allows an attacker to cause an application crash.
bugzilla.redhat.com/show_bug.cgi?id=2182981
discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079
discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1
github.com/advisories/GHSA-hwc3-3qh6-r4gg
github.com/hashicorp/vault/commit/3913c2faf8b15739b5ccde56af9944cbe1637397
github.com/hashicorp/vault/commit/4d989439518d83bfbe8e365fa003b2f05fb37eea
github.com/hashicorp/vault/commit/5310b696ce14dfb349b9e0e80bdc8e351a7eb256
github.com/hashicorp/vault/pull/19711
github.com/hashicorp/vault/pull/19712
github.com/hashicorp/vault/pull/19713
security.netapp.com/advisory/ntap-20230526-0008/