CVE-2023-4680

Name
CVE-2023-4680
Description
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://discuss.hashicorp.com/t/hcsec-2023-28-vault-s-transit-secrets-engine-allowed-nonce-specified-without-convergent-encryption/58249

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:* vault >= 1.13.0 < 1.13.7
cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:* vault >= 1.14.0 < 1.14.3
cpe:2.3:a:hashicorp:vault:*:*:*:*:*:*:*:* vault >= 1.6.0 < 1.12.11

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
vault 3.18-community 1.13.5-r3 Mike Crute <mike@crute.us> possibly vulnerable