CVE-2023-25000: Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations
First published: Thu Mar 30 2023(Updated: )
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
Credit: security@hashicorp.com security@hashicorp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Vault | <1.11.9 | |
| HashiCorp Vault | <1.11.9 | |
| HashiCorp Vault | >=1.12.0<1.12.5 | |
| HashiCorp Vault | >=1.12.0<1.12.5 | |
| HashiCorp Vault | >=1.13.0<1.13.1 | |
| HashiCorp Vault | >=1.13.0<1.13.1 | |
| redhat/vault | <1.13.1 | 1.13.1 |
| redhat/vault | <1.12.5 | 1.12.5 |
| redhat/vault | <1.11.9 | 1.11.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2023-25000
- https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078
- https://security.netapp.com/advisory/ntap-20230526-0008/
- https://github.com/hashicorp/vault/pull/19495
- https://github.com/advisories/GHSA-vq4h-9ghm-qmrr (Advisory)
- https://access.redhat.com/errata/RHSA-2023:1326
- https://access.redhat.com/security/cve/cve-2023-25000
- https://access.redhat.com/errata/RHSA-2023:3742
- https://access.redhat.com/errata/RHSA-2023:5006
- https://bugzilla.redhat.com/show_bug.cgi?id=2182972
- https://www.cve.org/CVERecord?id=CVE-2023-25000 https://nvd.nist.gov/vuln/detail/CVE-2023-25000 https://discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-25000.
What is the severity of CVE-2023-25000?
The severity of CVE-2023-25000 is medium (5).
Which software is affected by CVE-2023-25000?
The software affected by CVE-2023-25000 is HashiCorp Vault.
How can an attacker exploit CVE-2023-25000?
An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force attack.
How do I fix CVE-2023-25000?
To fix CVE-2023-25000, update HashiCorp Vault to version 1.13.1, 1.12.5, or 1.11.9.
- collector/github-advisory-latest
- alias/GHSA-vq4h-9ghm-qmrr
- alias/CVE-2023-25000
- collector/github-advisory
- collector/redhat-cve
- collector/nvd-index
- collector/nvd-cve
- agent/weakness
- agent/author
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/references
- agent/severity
- agent/remedy
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/event
- agent/tags
- agent/trending
- package-manager/go
- vendor/hashicorp
- canonical/hashicorp vault
- version/hashicorp vault/1.12.0
- version/hashicorp vault/1.13.0
- package-manager/redhat