admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 13:36:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-06xx/CVE-2023-0665.json

146 lines
4.6 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2023-0665",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-03-30T01:15:07.437",
Auto-Update: 2023-05-26T22:00:25.944471+00:00
2023-05-26 22:00:29 +00:00
"lastModified": "2023-05-26T20:15:31.533",
"vulnStatus": "Modified",
bootstrap
2023-04-24 12:24:31 +02:00
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionEndExcluding": "1.11.9",
"matchCriteriaId": "2C565DBD-95F4-4951-A029-93ABE5315740"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "1.11.9",
"matchCriteriaId": "80EB9F32-09A4-469C-AF76-1AE3137EAC1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.12.0",
"versionEndExcluding": "1.12.5",
"matchCriteriaId": "446F872F-F64C-44CA-85BC-144FCFBCFA8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.12.0",
"versionEndExcluding": "1.12.5",
"matchCriteriaId": "71A02FE6-C8D4-455D-A71A-C8353E1ECB7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.13.0",
"versionEndExcluding": "1.13.1",
"matchCriteriaId": "81280166-3DF7-4867-95E9-A7AFB9A12CE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.13.0",
"versionEndExcluding": "1.13.1",
"matchCriteriaId": "C56E203C-1E18-4395-B500-B6EA695B16C0"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1",
"source": "security@hashicorp.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
Auto-Update: 2023-05-26T22:00:25.944471+00:00
2023-05-26 22:00:29 +00:00
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/",
"source": "security@hashicorp.com"
bootstrap
2023-04-24 12:24:31 +02:00
}
]
}
Reference in New Issue Copy Permalink