Lucene search
GoogleOSV:CVE-2023-4680HistorySep 15, 2023 - 12:15 a.m.
CVE-2023-4680
2023-09-1500:15:07
Google
osv.dev
7
hashicorp
vault
vault enterprise
transit secrets
encryption
vulnerability
software
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
Related
osv
osv
HashiCorp Vault Improper Input Validation vulnerability in github.com/hashicorp/vault
2024-08-21 14:30:18
HashiCorp Vault Improper Input Validation vulnerability
2023-09-15 00:30:29
CGA-hhgm-mv22-ff57
2024-06-06 12:26:02
prion
prion
Design/Logic Flaw
2023-09-15 00:15:00
cgr
cgr
CVE-2023-4680 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2023-4680
2023-09-15 00:15:07
redhatcve
redhatcve
CVE-2023-4680
2024-08-27 07:39:22
alpinelinux
alpinelinux
CVE-2023-4680
2023-09-15 00:15:07
vulnrichment
vulnrichment
wolfi
wolfi
CVE-2023-4680 vulnerabilities
2024-10-01 21:13:23
veracode
veracode
Improper Input Validation
2023-09-20 06:14:59
cvelist
cvelist
github
github
HashiCorp Vault Improper Input Validation vulnerability
2023-09-15 00:30:29
nvd
nvd
CVE-2023-4680
2023-09-15 00:15:07
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-10-25 20:24:23