CVE-2023-5954 – Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption
https://notcve.org/view.php?id=CVE-2023-5954
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10. Las solicitudes de clientes entrantes de HashiCorp Vault y Vault Enterprise que activan una verificación de políticas pueden provocar un consumo ilimitado de memoria. Un gran número de estas solicitudes pueden dar lugar a una denegación de servicio. • https://discuss.hashicorp.com/t/hcsec-2023-33-vault-requests-triggering-policy-checks-may-lead-to-unbounded-memory-consumption/59926 https://security.netapp.com/advisory/ntap-20231227-0001 https://access.redhat.com/security/cve/CVE-2023-5954 https://bugzilla.redhat.com/show_bug.cgi?id=2249115 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2023-5077 – Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets
https://notcve.org/view.php?id=CVE-2023-5077
The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0. El engine de los secretos en Vault and Vault Enterprise ("Vault") Google Cloud no conservó la existencia de Google Cloud IAM Conditions al crear o actualizar conjuntos de roles. Corregido en Vault 1.13.0. A flaw was found in HashiCorp Vault and Vault Enterprise. • https://discuss.hashicorp.com/t/hcsec-2023-30-vault-s-google-cloud-secrets-engine-removed-existing-iam-conditions-when-creating-updating-rolesets/58654 https://access.redhat.com/security/cve/CVE-2023-5077 https://bugzilla.redhat.com/show_bug.cgi?id=2241980 • CWE-266: Incorrect Privilege Assignment CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-3775 – Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service
https://notcve.org/view.php?id=CVE-2023-3775
A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8. Vault Enterprise Sentinel Role Governing Policy creada por un operador para restringir el acceso a los recursos en un espacio de nombres se puede aplicar a solicitudes externas en otro espacio de nombres no descendiente, lo que podría provocar una denegación de servicio. Corregido en Vault Enterprise 1.15.0, 1.14.4, 1.13.8. A flaw was found in the Vault Enterprise. • https://discuss.hashicorp.com/t/hcsec-2023-29-vault-enterprise-s-sentinel-rgp-policies-allowed-for-cross-namespace-denial-of-service/58653 https://access.redhat.com/security/cve/CVE-2023-3775 https://bugzilla.redhat.com/show_bug.cgi?id=2241306 • CWE-20: Improper Input Validation CWE-266: Incorrect Privilege Assignment CWE-400: Uncontrolled Resource Consumption •
CVE-2023-4680 – Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption
https://notcve.org/view.php?id=CVE-2023-4680
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11. El motor de secretos de tránsito de HashiCorp Vault y Vault Enterprise permitió a los usuarios autorizados especificar nonces arbitrarios, incluso con el cifrado convergente deshabilitado. El endpoint de cifrado, en combinación con un ataque fuera de línea, podría usarse para descifrar texto cifrado arbitrario y potencialmente derivar la subclave de autenticación cuando se utiliza el motor de secretos de tránsito sin cifrado convergente. • https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249 • CWE-20: Improper Input Validation CWE-323: Reusing a Nonce, Key Pair in Encryption •
CVE-2023-3462 – Vault's LDAP Auth Method Allows for User Enumeration
https://notcve.org/view.php?id=CVE-2023-3462
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5. A flaw was found in the HashiCorp Vault. The Vault and Vault Enterprise (“Vault”) LDAP auth method allows unauthenticated users to potentially enumerate valid accounts in the configured LDAP system by observing the response error when querying usernames. • https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714 https://access.redhat.com/security/cve/CVE-2023-3462 https://bugzilla.redhat.com/show_bug.cgi?id=2228020 • CWE-203: Observable Discrepancy •