Security restrictions bypass in HashiCorp Vault and Vault Enterprise
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-4680 |
| CWE-ID | CWE-254 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Vault Web applications / Modules and components for CMS Vault Enterprise Web applications / Modules and components for CMS |
| Vendor | HashiCorp |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Security features bypass
EUVDB-ID: #VU80812
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4680
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an error when enforcing policies related to convergent encryption feature. Software does not restrict the use of user-provided nonces when performing encryption operations on the transit secrets engine when convergent encryption is not enabled. A remote user authorized by Vault policies to encrypt transit data may be able to decrypt arbitrary ciphertext by performing encryption operations using known plaintexts and nonces.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVault: 1.12.0 - 1.14.2
Vault Enterprise: 1.12.0 - 1.14.2
CPE2.3- cpe:2.3:a:hashicorp:vault:1.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:vault:1.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:vault:1.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:vault_enterprise:1.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:vault_enterprise:1.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:hashicorp:vault_enterprise:1.12.10:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
