CVE-2023-0620
published 2023-03-30CVE-2023-0620: HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL)…
PriorityP432medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.38%
29.6th percentile
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.
This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 0.8.0 < 1.11.9 | 1.11.9 |
| github.com | hashicorp_vault | >= 1.12.0 < 1.12.5 | 1.12.5 |
| github.com | hashicorp_vault | >= 1.13.0 < 1.13.1 | 1.13.1 |
| hashicorp | vault | < 1.11.9 | 1.11.9 |
| hashicorp | vault | >= 0.8.0 < 1.11.9 | 1.11.9 |
| hashicorp | vault | >= 1.12.0 < 1.12.5 | 1.12.5 |
| hashicorp | vault | >= 1.13.0 < 1.13.1 | 1.13.1 |
| hashicorp | vault_enterprise | >= 0.8.0 < 1.11.9 | 1.11.9 |
| hashicorp | vault_enterprise | >= 1.12.0 < 1.12.5 | 1.12.5 |
| hashicorp | vault_enterprise | >= 1.13.0 < 1.13.1 | 1.13.1 |
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
vendor_redhat·2023-03-30·CVSS 6.5
CVE-2023-0620 [MEDIUM] CWE-89 vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.
This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
A flaw was found in HashiCorp Vault and Vault Enterprise, which are vulnerable to SQL injection. This flaw allows a local authenticated attacker to send specially-crafted SQL statements to the Microsoft SQL (MSSQL) Database Storage Backend,
OSV
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault
osv·2024-08-20
CVE-2023-0620 HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault
OSV
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
osv·2023-03-30
CVE-2023-0620 [MEDIUM] HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
HashiCorp Vault and Vault Enterprise versions 0.8.0 until 1.13.1 are vulnerable to an SQL injection attack when using the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin, certain parameters are required to establish a connection (schema, database, and table) are not sanitized when passed to the user-provided MSSQL database. A privileged attacker with the ability to write arbitrary data to Vault's configuration may modify these parameters to execute a malicious SQL command when the Vault configuration is applied. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
GHSA
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
ghsa·2023-03-30
CVE-2023-0620 [MEDIUM] CWE-89 HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File
HashiCorp Vault and Vault Enterprise versions 0.8.0 until 1.13.1 are vulnerable to an SQL injection attack when using the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin, certain parameters are required to establish a connection (schema, database, and table) are not sanitized when passed to the user-provided MSSQL database. A privileged attacker with the ability to write arbitrary data to Vault's configuration may modify these parameters to execute a malicious SQL command when the Vault configuration is applied. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1https://security.netapp.com/advisory/ntap-20230526-0008/https://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080/1https://security.netapp.com/advisory/ntap-20230526-0008/
2023-03-30
Published