CVE-2023-0665: HashiCorp Vault's PKI mount vulnerable to denial of service
6.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.25209%
CWE
Published
3/30/2023
Updated
5/26/2023
KEV Status
No
Technology
Go
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/hashicorp/vault | go | < 1.11.9 | 1.11.9 |
| github.com/hashicorp/vault | go | >= 1.12.0, < 1.12.5 | 1.12.5 |
| github.com/hashicorp/vault | go | >= 1.13.0, < 1.13.1 | 1.13.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from unauthenticated endpoints (/issuer/:ref/{json,der,pem}) that handle issuer metadata operations. These functions correspond to the documented attack vectors:-
- pathDeleteIssuer matches the 'remove an issuer' capability described
- pathModifyIssuer aligns with 'modify issuer metadata' operations While exact code isn't available, Vault's PKI implementation structure and HashiCorp's bulletin explicitly reference these endpoint types as vulnerable. The CWE-285 mapping confirms authorization flaws in these write operations.