CVE-2023-25000

Published: 30 Mar 2023
Source: redhat
CVSS3: 5
EPSS: Low

Description

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

A flaw was found in HashiCorp Vault. This flaw allows an attacker with access to and the ability to observe a large number of unseal operations on the host through a side channel to reduce the search space of a brute-force effort to recover the Shamir shares.
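
The weakness class named in the description (CWE-208), as an added example that is not Vault's code or part of the original advisory: GF(2^8) multiplication done with precomputed log/exp tables, where the memory address read depends on the secret operand, beside a branch-free form that reads no operand-indexed memory. The reduction polynomial 0x11b, the generator 3 and all function names are assumptions made for illustration.

```go
package main

// Added illustration, not Vault source. Assumed field: GF(2^8) reduced by
// x^8+x^4+x^3+x+1 (0x11b); 3 is used as the generator for the tables.
var expTable, logTable [256]byte

func init() {
	x := byte(1)
	for i := 0; i < 255; i++ {
		expTable[i] = x
		logTable[x] = byte(i)
		x = mulCT(x, 3)
	}
}

// mulTable: lookup form. The zero-check branch and both table indexes depend on a and b.
func mulTable(a, b byte) byte {
	if a == 0 || b == 0 {
		return 0
	}
	return expTable[(int(logTable[a])+int(logTable[b]))%255]
}

// mulCT: always 8 rounds, masks instead of branches, no loads indexed by a or b.
func mulCT(a, b byte) byte {
	var p byte
	for i := 0; i < 8; i++ {
		p ^= a & -(b & 1) // add a when the low bit of b is set
		hi := -(a >> 7)   // 0xff when a would overflow on doubling
		a = (a << 1) ^ (0x1b & hi)
		b >>= 1
	}
	return p
}

// mismatches counts operand pairs on which the two forms disagree (expected: none).
func mismatches() int {
	n := 0
	for i := 0; i < 65536; i++ {
		if a, b := byte(i>>8), byte(i); mulTable(a, b) != mulCT(a, b) {
			n++
		}
	}
	return n
}

func main() {
	println(mulCT(0x57, 0x83), mismatches())
}
```

Both functions compute the same product for every input pair; only the memory-access and branch pattern differs, which is what a cache-timing observer on the host measures.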

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/topology-aware-lifecycle-manager-rhel8-operator | Not affected | | |
| Red Hat Openshift Container Storage 4 | ocs4/cephcsi-rhel8 | Out of support scope | | |
| Red Hat Openshift Container Storage 4 | ocs4/mcg-rhel8-operator | Out of support scope | | |
| Red Hat Openshift Container Storage 4 | ocs4/ocs-rhel8-operator | Out of support scope | | |
| Red Hat Openshift Container Storage 4 | ocs4/rook-ceph-rhel8-operator | Out of support scope | | |
| Red Hat Openshift Data Foundation 4 | odf4/cephcsi-rhel9 | Not affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/mcg-rhel9-operator | Affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/ocs-rhel9-operator | Affected | | |
| Red Hat Openshift Data Foundation 4 | odf4/odf-multicluster-rhel9-operator | Affected | | |

Additional information

Status: Moderate
Defect: CWE-208
https://bugzilla.redhat.com/show_bug.cgi?id=2182972 hashicorp/vault: Cache-Timing Attacks During Seal and Unseal Operations

EPSS

Percentile: 11%
0.00039
Low

CVSS3: 5 Medium

Related vulnerabilities

CVSS3: 5
nvd
more than 2 years ago

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

CVSS3: 4.7
github
more than 2 years ago

HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks

CVSS3: 4.7
fstec
more than 2 years ago

Vulnerability in the implementation of the Shamir's secret mechanism in the HashiCorp Vault and Vault Enterprise platforms for archiving corporate information, allowing an attacker to gain unauthorized access to protected information

CVSS3: 8.1
redos
4 months ago

Multiple vulnerabilities in vault
