Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.7
CVSSv3

CVE-2023-0620

Published: 30/03/2023 Updated: 26/05/2023
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 0
Subscribe to Hashicorp

Vulnerability Summary

HashiCorp Vault and Vault Enterprise versions 0.8.0 up to and including 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

hashicorp vault

Vendor Advisories

Red Hat: Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update
Synopsis Important: Red Hat OpenShift Data Foundation 4130 security and bug fix update Type/Severity Security Advisory: Important Topic Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4130 on Red Hat Enterprise Linux 9Red Hat ...
Red Hat:
Description<!---->A flaw was found in HashiCorp Vault and Vault Enterprise, which are vulnerable to SQL injection This flaw allows a local authenticated attacker to send specially-crafted SQL statements to the Microsoft SQL (MSSQL) Database Storage Backend, which could allow the attacker to view, add, modify, or delete information in the backend d ...

References

CWE-89https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1https://security.netapp.com/advisory/ntap-20230526-0008/https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2023:3742https://access.redhat.com/security/cve/cve-2023-0620
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook