CVE-2023-4680
6.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HashiCorp | Vault | 1.14.0 < 1.14.3 | affected |
| HashiCorp | Vault | 1.13.0 < 1.13.7 | affected |
| HashiCorp | Vault | 1.12.0 < 1.12.11 | affected |
| HashiCorp | Vault | 1.6.0 < 1.12.0 | affected |
| HashiCorp | Vault Enterprise | 1.14.0 < 1.14.3 | affected |
| HashiCorp | Vault Enterprise | 1.13.0 < 1.13.7 | affected |
| HashiCorp | Vault Enterprise | 1.12.0 < 1.12.11 | affected |
| HashiCorp | Vault Enterprise | 1.6.0 < 1.12.0 | affected |
Weaknesses
- CWE-323: CWE-323: Reusing a Nonce, Key Pair in Encryption
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.