CVE-2023-4680
ADVISORY - githubSummary
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
EPSS Score: 0.00616 (0.692)
Common Weakness Enumeration (CWE)
ADVISORY - gitlab
ADVISORY - redhat
Improper Input Validation
NIST
CVSS SCORE
6.8mediumGitHub
CVSS SCORE
6.8mediumAlpine
CREATED
UPDATED
ADVISORY IDCVE-2023-4680
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
GoLang
CREATED
UPDATED
ADVISORY IDGO-2023-2063
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Bitnami
CREATED
UPDATED
ADVISORY ID
BIT-2023-4680
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumBitnami
CREATED
UPDATED
ADVISORY ID
BIT-vault-2023-4680
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6.8mediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2023-4680
EXPLOITABILITY SCORE
1.6
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
6.8mediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-hhgm-mv22-ff57
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-