CVE-2023-2121
published 2023-06-09CVE-2023-2121: Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability…
PriorityP426medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.42%
33.4th percentile
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_vault | >= 0 < 1.11.11 | 1.11.11 |
| github.com | hashicorp_vault | >= 1.12.0 < 1.12.7 | 1.12.7 |
| github.com | hashicorp_vault | >= 1.13.0 < 1.13.3 | 1.13.3 |
| hashicorp | vault | < 1.11.11 | 1.11.11 |
| hashicorp | vault | >= 1.10.0 < 1.11.0 | 1.11.0 |
| hashicorp | vault | >= 1.11.0 < 1.11.11 | 1.11.11 |
| hashicorp | vault | >= 1.12.0 < 1.12.7 | 1.12.7 |
| hashicorp | vault | >= 1.13.0 < 1.13.3 | 1.13.3 |
| hashicorp | vault_enterprise | >= 1.10.0 < 1.11.0 | 1.11.0 |
| hashicorp | vault_enterprise | >= 1.11.0 < 1.11.11 | 1.11.11 |
| hashicorp | vault_enterprise | >= 1.12.0 < 1.12.7 | 1.12.7 |
| hashicorp | vault_enterprise | >= 1.13.0 < 1.13.3 | 1.13.3 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ghsa5.4MEDIUM
osv5.4MEDIUM
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault
osv·2024-08-20
CVE-2023-2121 Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault
Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault
Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault
GHSA
Hashicorp Vault vulnerable to Cross-site Scripting
ghsa·2023-06-09·CVSS 5.4
CVE-2023-2121 [MEDIUM] CWE-79 Hashicorp Vault vulnerable to Cross-site Scripting
Hashicorp Vault vulnerable to Cross-site Scripting
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
OSV
Hashicorp Vault vulnerable to Cross-site Scripting
osv·2023-06-09·CVSS 5.4
CVE-2023-2121 [MEDIUM] Hashicorp Vault vulnerable to Cross-site Scripting
Hashicorp Vault vulnerable to Cross-site Scripting
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
Red Hat
kernel: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
vendor_redhat·2025-09-16·CVSS 5.5
CVE-2023-53280 [MEDIUM] CWE-824 kernel: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
kernel: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
System crash when qla2x00_start_sp(sp) returns error code EGAIN and wake_up
gets called for uninitialized wait queue sp->nvme_ls_waitq.
qla2xxx [0000:37:00.1]-2121:5: Returning existing qpair of ffff8ae2c0513400 for idx=0
qla2xxx [0000:37:00.1]-700e:5: qla2x00_start_sp failed = 11
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
PGD 0 P4D 0
Oops: 0000 [#1] SMP NOPTI
Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021
Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]
RIP: 0010:__wake_up_common+0x4c/0x190
RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086
RA
Red Hat
vim: use-after-free in ex_substitute in Vim
vendor_redhat·2023-11-22·CVSS 3.6
CVE-2023-48706 [LOW] CWE-416 vim: use-after-free in ex_substitute in Vim
vim: use-after-free in ex_substitute in Vim
Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.
A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substituti
Red Hat
hashicorp: html injection into web ui
vendor_redhat·2023-06-09·CVSS 4.3
CVE-2023-2121 [MEDIUM] CWE-79 hashicorp: html injection into web ui
hashicorp: html injection into web ui
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
A flaw was found in HashiCorp Vault and Vault Enterprise, where they are vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the key-value v2 (kv-v2) diff viewer. A remote, authenticated attacker can inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. This flaw allows an attacker to steal the victim's cookie-based authentication credentials.
Package: openshift-logging/logging-l
Suricata
ET FTP Vulnerable WS_FTP Version in FTP Banner Response (CVE-2023-40044)
suricata·2023-10-05·CVSS 10.0
CVE-2023-40044 [CRITICAL] ET FTP Vulnerable WS_FTP Version in FTP Banner Response (CVE-2023-40044)
ET FTP Vulnerable WS_FTP Version in FTP Banner Response (CVE-2023-40044)
Rule: alert tcp-pkt $HOME_NET [21,990,2100,2121,3535] -> any any (msg:"ET FTP Vulnerable WS_FTP Version in FTP Banner Response (CVE-2023-40044)"; flow:established,to_client; content:"220"; startswith; content:"WS_FTP|20|Server|20|"; fast_pattern; distance:0; pcre:"/^(8\.7\.[0-3])|(8\.[0-6]\.\d{1,})|(8\.8\.[0-1])(?:$|\x28)/R"; threshold: type limit, track by_src, seconds 3600, count 1; reference:url,www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044; reference:cve,2023-40044; classtype:network-scan; sid:2048464; rev:3; metadata:affected_product WS_FTP, attack_target FTP_Server, created_at 2023_10_05, cve CVE_2023_40044, deployment Perimeter, deployment Internal, perfo
No public exploits indexed.
Bugzilla
CVE-2023-53280 kernel: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
bugzilla·2025-09-16·CVSS 5.5
CVE-2023-53280 [MEDIUM] CVE-2023-53280 kernel: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
CVE-2023-53280 kernel: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
System crash when qla2x00_start_sp(sp) returns error code EGAIN and wake_up
gets called for uninitialized wait queue sp->nvme_ls_waitq.
qla2xxx [0000:37:00.1]-2121:5: Returning existing qpair of ffff8ae2c0513400 for idx=0
qla2xxx [0000:37:00.1]-700e:5: qla2x00_start_sp failed = 11
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
PGD 0 P4D 0
Oops: 0000 [#1] SMP NOPTI
Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021
Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]
RIP: 0010:__wake_up_common+0x4c/0x190
RSP: 0018:ffff95f3e0cb7cd0 E
Bugzilla
CVE-2023-32665 glib: GVariant deserialisation does not match spec for non-normal data
bugzilla·2023-06-02·CVSS 5.5
CVE-2023-32665 [MEDIUM] CVE-2023-32665 glib: GVariant deserialisation does not match spec for non-normal data
CVE-2023-32665 glib: GVariant deserialisation does not match spec for non-normal data
GLib's GVariant deserialization prior to GLib 2.74.4 is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.
References:
https://gitlab.gnome.org/GNOME/glib/-/issues/2121
Discussion:
Created glib tracking bugs for this issue:
Affects: epel-all [bug 2212688]
Created glib2 tracking bugs for this issue:
Affects: fedora-37 [bug 2212690]
Affects: fedora-38 [bug 2212696]
Affects: fedora-all [bug 2212689]
Created mingw-glib2 tracking bugs for this issue:
Affects: fedora-37 [bug 2212693]
Affects: fedora-38 [bug 2212697]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2023:663
2023-06-09
Published