cbcvebase.
CVE-2023-25000
published 2023-03-30

CVE-2023-25000: HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access…

PriorityP421medium4.7CVSS 3.1
AVLACHPRLUINSUCHINAN
EPSS
0.21%
11.2th percentile
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

Affected

12 ranges
VendorProductVersion rangeFixed in
github.comhashicorp_vault>= 0 < 1.11.91.11.9
github.comhashicorp_vault>= 1.12.0 < 1.12.51.12.5
github.comhashicorp_vault>= 1.13.0 < 1.13.11.13.1
hashicorpvault< 1.11.01.11.0
hashicorpvault< 1.11.91.11.9
hashicorpvault>= 1.11.0 < 1.11.91.11.9
hashicorpvault>= 1.12.0 < 1.12.51.12.5
hashicorpvault>= 1.13.0 < 1.13.11.13.1
hashicorpvault_enterprise< 1.11.01.11.0
hashicorpvault_enterprise>= 1.11.0 < 1.11.91.11.9
hashicorpvault_enterprise>= 1.12.0 < 1.12.51.12.5
hashicorpvault_enterprise>= 1.13.0 < 1.13.11.13.1

CVSS provenance

nvdv3.14.7MEDIUMCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.