Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-0665

Опубликовано: 30 мар. 2023
Источник: redhat
CVSS3: 6.5

Описание

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

A flaw was found in the Hashicorp vault. Vault’s PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in a denial of service of the PKI mount. This bug did not affect public or private key material, trust chains, or certificate issuance.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Logging Subsystem for Red Hat OpenShiftopenshift-logging/logging-loki-rhel8Not affected
Red Hat OpenShift Container Platform 4openshift4/topology-aware-lifecycle-manager-rhel8-operatorNot affected
Red Hat Openshift Container Storage 4ocs4/cephcsi-rhel8Out of support scope
Red Hat Openshift Container Storage 4ocs4/mcg-rhel8-operatorOut of support scope
Red Hat Openshift Container Storage 4ocs4/ocs-rhel8-operatorOut of support scope
Red Hat Openshift Container Storage 4ocs4/rook-ceph-rhel8-operatorOut of support scope
Red Hat Openshift Data Foundation 4odf4/cephcsi-rhel9Not affected
Red Hat Openshift Data Foundation 4odf4/mcg-rhel9-operatorAffected
Red Hat Openshift Data Foundation 4odf4/ocs-rhel9-operatorAffected
Red Hat Openshift Data Foundation 4odf4/odf-multicluster-rhel9-operatorAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=2182981hashicorp/vault: Vault’s PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2023-0665

CVSS3: 6.5
nvd
около 2 лет назад

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

github логотип

GHSA-hwc3-3qh6-r4gg

CVSS3: 6.5
github
около 2 лет назад

HashiCorp Vault's PKI mount vulnerable to denial of service

fstec логотип

BDU:2025-06181

CVSS3: 6.5
fstec
около 2 лет назад

Уязвимость механизма PKI платформ для архивирования корпоративной информации HashiCorp Vault и Vault Enterprise, позволяющая нарушителю вызвать отказ в обслуживании

redos логотип

ROS-20250526-06

CVSS3: 8.1
redos
24 дня назад

Множественные уязвимости vault

6.5 Medium

CVSS3