Vulnerability Description
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hashicorp | Vault | < 1.11.9 |
Related Weaknesses (CWE)
References
- https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-noIssue TrackingPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20230526-0008/
- https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-noIssue TrackingPatchVendor Advisory
- https://security.netapp.com/advisory/ntap-20230526-0008/
FAQ
What is CVE-2023-0665?
CVE-2023-0665 is a vulnerability with a CVSS score of 6.5 (MEDIUM). HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did...
How severe is CVE-2023-0665?
CVE-2023-0665 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-0665?
Check the references section above for vendor advisories and patch information. Affected products include: Hashicorp Vault.