6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-0665

GHSA ID

GHSA-hwc3-3qh6-r4gg

EPSS Score

0.25209%

CWE

CWE-285

Published

3/30/2023

Updated

5/26/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-0665

CVE-2023-0665: HashiCorp Vault's PKI mount vulnerable to denial of service

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-0665

GHSA ID

GHSA-hwc3-3qh6-r4gg

EPSS Score

0.25209%

CWE

CWE-285

Published

3/30/2023

Updated

5/26/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/hashicorp/vault	go	< 1.11.9	1.11.9
github.com/hashicorp/vault	go	>= 1.12.0, < 1.12.5	1.12.5
github.com/hashicorp/vault	go	>= 1.13.0, < 1.13.1	1.13.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unauthenticated endpoints (/issuer/:ref/{json,der,pem}) that handle issuer metadata operations. These functions correspond to the documented attack vectors:-

pathDeleteIssuer matches the 'remove an issuer' capability described
pathModifyIssuer aligns with 'modify issuer metadata' operations While exact code isn't available, Vault's PKI implementation structure and HashiCorp's bulletin explicitly reference these endpoint types as vulnerable. The CWE-285 mapping confirms authorization flaws in these write operations.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

**s*i*orp V*ult's PKI mount issu*r *n*points *i* not *orr**tly *ut*oriz* ****ss to r*mov* *n issu*r or mo*i*y issu*r m*t***t*, pot*nti*lly r*sultin* in **ni*l o* s*rvi** o* t** PKI mount. T*is *u* *i* not *****t pu*li* or priv*t* k*y m*t*ri*l, trust

Reasoning

T** vuln*r**ility st*ms *rom un*ut**nti**t** *n*points (/issu*r/:r**/{json,**r,p*m}) t**t **n*l* issu*r m*t***t* op*r*tions. T**s* *un*tions *orr*spon* to t** *o*um*nt** *tt**k v**tors:- *. p*t***l*t*Issu*r m*t***s t** 'r*mov* *n issu*r' **p**ility

6.5

Basic Information

Concerned about an active attack path?

CVE-2023-0665: HashiCorp Vault's PKI mount vulnerable to denial of service

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI