CVE-2023-0665— Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-0665
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata
Source: NVD (National Vulnerability Database)
Vulnerability Description
HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
HashiCorp Vault 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HashiCorp Vault是美国HashiCorp公司的一款私钥访问管理工具。 HashiCorp Vault 1.13.1之前版本、1.12.5之前版本 和 1.11.9之前版本存在安全漏洞,该漏洞源于通过挂载颁发者端点可以删除颁发者或修改颁发者元数据,可能导致 PKI 挂载拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HashiCorp | Vault | 1.13.0 ~ 1.13.1 | - | |
| HashiCorp | Vault Enterprise | 1.13.0 ~ 1.13.1 | - |
II. Public POCs for CVE-2023-0665
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-0665
请登录查看更多情报信息。
Same Patch Batch · HashiCorp · 2023-03-30 · 3 CVEs total
| CVE-2023-0620 | 6.5 MEDIUM | Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Back |
| CVE-2023-25000 | 5.0 MEDIUM | Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations |
IV. Related Vulnerabilities
Same product: Vault
- CVE-2026-5807
Vault Vulnerable to Denial-of-Service via Unauthenticated Ro - CVE-2026-4525
Vault Token Leaked to Backends via Authorization: Bearer Pas - CVE-2026-5052
Vault Vulnerable to Server-Side Request Forgery in ACME Chal - CVE-2026-3605
Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial - CVE-2025-12044
Vault Vulnerable to Denial of Service Due to Rate Limit Regr
Same vendor: HashiCorp
- CVE-2026-7776
Boundary Workers Vulnerable to Denial of Service During TLS - CVE-2026-5807
Vault Vulnerable to Denial-of-Service via Unauthenticated Ro - CVE-2026-4525
Vault Token Leaked to Backends via Authorization: Bearer Pas - CVE-2026-5052
Vault Vulnerable to Server-Side Request Forgery in ACME Chal - CVE-2026-3605
Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial
Same weakness: CWE-285
- CVE-2026-8241
Industrial Application Software IAS Canias ERP RMI iasGetSer - CVE-2026-42202
nova-toggle-5: Improper authorization on toggle endpoint all - CVE-2026-33823
Microsoft Team Events Portal Information Disclosure Vulnerab - CVE-2026-41572
Note Mark: Unauthenticated read of notes and assets in soft- - CVE-2026-7713
crocodilestick Calibre-Web-Automated Kobo auth-token Route k
V. Comments for CVE-2023-0665
No comments yet