CVE-2023-0620 — SQL Injection in Vault

CWE-89 — SQL Injection5 documents4 sources

Severity

6.7MEDIUMNVD

EPSS

0.1%

top 70.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hashicorp Vault Hashicorp Vault Enterprise Github.com Hashicorp Vault

Timeline

PublishedMar 30

Latest updateAug 20

Description

HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5hashicorp/vault_enterprise1.13.0 — 1.13.1+2

▶CVEListV5hashicorp/vault0.8.0 — 1.11.9

▶NVDhashicorp/vault1.12.0 — 1.12.5+2

▶Gogithub.com/hashicorp_vault0.8.0 — 1.11.9+2

Patches

Patch: discuss.hashicorp.com ↗Patch: discuss.hashicorp.com ↗

🔴Vulnerability Details

OSV

HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault↗2024-08-20

▶

OSV

HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File↗2023-03-30

▶

GHSA

HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File↗2023-03-30

▶

📋Vendor Advisories

Red Hat

vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File↗2023-03-30

▶