CVE-2023-0690 — MEDIUM (5.0)

Q: How severe is CVE-2023-0690?

CVE-2023-0690 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-0690?

Check the references section above for vendor advisories and patch information. Affected products include: Hashicorp Boundary.

Vulnerability Description

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0.

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Hashicorp	Boundary	>= 0.10.0, < 0.12.0

Related Weaknesses (CWE)

CWE-311 CWE-312

References

https://discuss.hashicorp.com/t/hcsec-2023-03-boundary-workers-store-rotated-creVendor Advisory
https://discuss.hashicorp.com/t/hcsec-2023-03-boundary-workers-store-rotated-creVendor Advisory

FAQ

What is CVE-2023-0690?

CVE-2023-0690 is a vulnerability with a CVSS score of 5.0 (MEDIUM). HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after ...

How severe is CVE-2023-0690?

CVE-2023-0690 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-0690?

Check the references section above for vendor advisories and patch information. Affected products include: Hashicorp Boundary.