CVE-2023-6337 – Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
https://notcve.org/view.php?id=CVE-2023-6337
HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12. HashiCorp Vault y Vault Enterprise 1.12.0 y versiones posteriores son vulnerables a una denegación de servicio debido al agotamiento de la memoria del host cuando se manejan grandes solicitudes HTTP autenticadas y no autenticadas de un cliente. Vault intentará asignar la solicitud a la memoria, lo que provocará que se agote la memoria disponible en el host, lo que puede provocar que Vault falle. Corregido en Vault 1.15.4, 1.14.8, 1.13.12. • https://discuss.hashicorp.com/t/hcsec-2023-34-vault-vulnerable-to-denial-of-service-through-memory-exhaustion-when-handling-large-http-requests/60741 https://security.netapp.com/advisory/ntap-20240112-0006 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-5077 – Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
https://notcve.org/view.php?id=CVE-2023-5077
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0. El engine de los secretos en Vault and Vault Enterprise ("Vault") Google Cloud no conservó la existencia de Google Cloud IAM Conditions al crear o actualizar conjuntos de roles. Corregido en Vault 1.13.0. A flaw was found in HashiCorp Vault and Vault Enterprise. • https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654 https://access.redhat.com/security/cve/CVE-2023-5077 https://bugzilla.redhat.com/show_bug.cgi?id=2241980 • CWE-266: Incorrect Privilege Assignment CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-3775 – Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
https://notcve.org/view.php?id=CVE-2023-3775
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8. Vault Enterprise Sentinel Role Governing Policy creada por un operador para restringir el acceso a los recursos en un espacio de nombres se puede aplicar a solicitudes externas en otro espacio de nombres no descendiente, lo que podría provocar una denegación de servicio. Corregido en Vault Enterprise 1.15.0, 1.14.4, 1.13.8. A flaw was found in the Vault Enterprise. • https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653 https://access.redhat.com/security/cve/CVE-2023-3775 https://bugzilla.redhat.com/show_bug.cgi?id=2241306 • CWE-20: Improper Input Validation CWE-266: Incorrect Privilege Assignment CWE-400: Uncontrolled Resource Consumption •
CVE-2023-4680 – Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
https://notcve.org/view.php?id=CVE-2023-4680
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11. El motor de secretos de tránsito de HashiCorp Vault y Vault Enterprise permitió a los usuarios autorizados especificar nonces arbitrarios, incluso con el cifrado convergente deshabilitado. El endpoint de cifrado, en combinación con un ataque fuera de línea, podría usarse para descifrar texto cifrado arbitrario y potencialmente derivar la subclave de autenticación cuando se utiliza el motor de secretos de tránsito sin cifrado convergente. • https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249 • CWE-20: Improper Input Validation CWE-323: Reusing a Nonce, Key Pair in Encryption •
CVE-2023-2121 – Vault’s KV Diff Viewer Allowed for HTML Injection
https://notcve.org/view.php?id=CVE-2023-2121
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11. A flaw was found in HashiCorp Vault and Vault Enterprise, where they are vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the key-value v2 (kv-v2) diff viewer. A remote, authenticated attacker can inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. This flaw allows an attacker to steal the victim's cookie-based authentication credentials. • https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814 https://access.redhat.com/security/cve/CVE-2023-2121 https://bugzilla.redhat.com/show_bug.cgi?id=2214237 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •