CVE-2023-0665: Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata
First published: Thu Mar 30 2023(Updated: )
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
Credit: security@hashicorp.com security@hashicorp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| go/github.com/hashicorp/vault | >=1.13.0<1.13.1 | 1.13.1 |
| go/github.com/hashicorp/vault | >=1.12.0<1.12.5 | 1.12.5 |
| go/github.com/hashicorp/vault | <1.11.9 | 1.11.9 |
| HashiCorp Vault | <1.11.9 | |
| HashiCorp Vault | <1.11.9 | |
| HashiCorp Vault | >=1.12.0<1.12.5 | |
| HashiCorp Vault | >=1.12.0<1.12.5 | |
| HashiCorp Vault | >=1.13.0<1.13.1 | |
| HashiCorp Vault | >=1.13.0<1.13.1 | |
| redhat/vault | <1.13.1 | 1.13.1 |
| redhat/vault | <1.12.5 | 1.12.5 |
| redhat/vault | <1.11.9 | 1.11.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2023-0665
- https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1
- https://security.netapp.com/advisory/ntap-20230526-0008/
- https://github.com/advisories/GHSA-hwc3-3qh6-r4gg (Advisory)
- https://access.redhat.com/errata/RHSA-2023:1326
- https://access.redhat.com/security/cve/cve-2023-0665
- https://access.redhat.com/errata/RHSA-2023:3742
- https://access.redhat.com/errata/RHSA-2023:5006
- https://bugzilla.redhat.com/show_bug.cgi?id=2182981
- https://www.cve.org/CVERecord?id=CVE-2023-0665 https://nvd.nist.gov/vuln/detail/CVE-2023-0665 https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1
Frequently Asked Questions
What is CVE-2023-0665?
CVE-2023-0665 is a vulnerability in HashiCorp Vault's PKI mount issuer endpoints that can result in denial of service of the PKI mount.
How does CVE-2023-0665 affect HashiCorp Vault?
CVE-2023-0665 affects HashiCorp Vault's PKI mount issuer endpoints, potentially resulting in denial of service of the PKI mount.
What is the severity of CVE-2023-0665?
CVE-2023-0665 has a severity rating of 6.5 out of 10, which is considered medium.
How do I fix CVE-2023-0665 in HashiCorp Vault?
To fix CVE-2023-0665 in HashiCorp Vault, update to version 1.13.1, 1.12.5, or 1.11.9.
Where can I find more information about CVE-2023-0665?
You can find more information about CVE-2023-0665 at the following references: [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-0665), [HashiCorp Discuss](https://discuss.hashicorp.com/t/hcsec-2023-11-vault-s-pki-issuer-endpoint-did-not-correctly-authorize-access-to-issuer-metadata/52079/1), [NetApp Security Advisory](https://security.netapp.com/advisory/ntap-20230526-0008/).
- collector/github-advisory-latest
- alias/GHSA-hwc3-3qh6-r4gg
- alias/CVE-2023-0665
- collector/github-advisory
- collector/redhat-cve
- collector/nvd-index
- collector/nvd-cve
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/event
- agent/tags
- agent/trending
- package-manager/go
- vendor/hashicorp
- canonical/hashicorp vault
- version/hashicorp vault/1.12.0
- version/hashicorp vault/1.13.0
- package-manager/redhat