admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-31 10:41:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-06xx/CVE-2023-0665.json
cad-safe-bot 72e4d7380f Auto-Update: 2023-05-26T22:00:25.944471+00:00
2023-05-26 22:00:29 +00:00

146 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-0665",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-03-30T01:15:07.437",
"lastModified": "2023-05-26T20:15:31.533",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionEndExcluding": "1.11.9",
"matchCriteriaId": "2C565DBD-95F4-4951-A029-93ABE5315740"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "1.11.9",
"matchCriteriaId": "80EB9F32-09A4-469C-AF76-1AE3137EAC1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.12.0",
"versionEndExcluding": "1.12.5",
"matchCriteriaId": "446F872F-F64C-44CA-85BC-144FCFBCFA8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.12.0",
"versionEndExcluding": "1.12.5",
"matchCriteriaId": "71A02FE6-C8D4-455D-A71A-C8353E1ECB7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*",
"versionStartIncluding": "1.13.0",
"versionEndExcluding": "1.13.1",
"matchCriteriaId": "81280166-3DF7-4867-95E9-A7AFB9A12CE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.13.0",
"versionEndExcluding": "1.13.1",
"matchCriteriaId": "C56E203C-1E18-4395-B500-B6EA695B16C0"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1",
"source": "security@hashicorp.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230526-0008/",
"source": "security@hashicorp.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink