cbcvebase.
CVE-2023-4680
published 2023-09-15


Priority: P3 (42)
CVSS 3.1: 6.8 medium (AV:N / AC:H / PR:L / UI:N / S:U / C:H / I:H / A:N)
EPSS: 0.37% (28.6th percentile)
HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.
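As an added defender-side example (not code from this page or from HashiCorp), the check below scans Vault JSON audit-device lines for transit encrypt requests that carried a caller-supplied nonce, the input this CVE concerns, so an operator can find which clients and keys relied on it before and after upgrading. The sample lines are constructed; it assumes the usual audit record shape (type, request.path, request.data with HMAC'd values) and that a transit mount may live under any path.

```python
import json

# Constructed sample lines shaped like Vault's JSON audit-device output (not real
# logs). Values are HMAC'd, but the field name "nonce" stays visible, which suffices.
SAMPLE_AUDIT_LINES = [
    '{"type":"request","time":"2023-09-15T10:00:01Z","auth":{"display_name":"token-orders-svc"},'
    '"request":{"id":"r1","operation":"update","path":"transit/encrypt/orders",'
    '"data":{"plaintext":"hmac-sha256:aaa"}}}',
    '{"type":"request","time":"2023-09-15T10:00:02Z","auth":{"display_name":"token-orders-svc"},'
    '"request":{"id":"r2","operation":"update","path":"transit/encrypt/orders",'
    '"data":{"plaintext":"hmac-sha256:bbb","nonce":"hmac-sha256:ccc"}}}',
    '{"type":"request","time":"2023-09-15T10:00:03Z","auth":{"display_name":"token-batch-job"},'
    '"request":{"id":"r3","operation":"update","path":"crypto/encrypt/invoices",'
    '"data":{"batch_input":[{"plaintext":"hmac-sha256:d","nonce":"hmac-sha256:e"},'
    '{"plaintext":"hmac-sha256:f","nonce":"hmac-sha256:e"}]}}}',
    '{"type":"request","time":"2023-09-15T10:00:04Z","auth":{"display_name":"token-orders-svc"},'
    '"request":{"id":"r4","operation":"update","path":"transit/decrypt/orders",'
    '"data":{"ciphertext":"hmac-sha256:g","nonce":"hmac-sha256:h"}}}',
    '{"type":"response","time":"2023-09-15T10:00:02Z","request":{"id":"r2","path":"transit/encrypt/orders"}}',
]

def is_transit_encrypt_path(path):
    """True for <mount>/encrypt/<key>; transit may be mounted under any path."""
    parts = path.strip("/").split("/")
    return len(parts) >= 3 and parts[-2] == "encrypt"

def count_client_nonces(data):
    """Count caller-supplied nonce fields in one request body, single or batch."""
    n = 1 if "nonce" in data else 0
    for item in data.get("batch_input") or []:
        if isinstance(item, dict) and "nonce" in item:
            n += 1
    return n

def find_client_nonce_requests(lines):
    """One finding per transit encrypt request that carried a nonce."""
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a truncated tail line in an append-only audit file
        req = rec.get("request") or {}
        if rec.get("type") != "request" or not is_transit_encrypt_path(req.get("path", "")):
            continue
        n = count_client_nonces(req.get("data") or {})
        if n:
            findings.append({"id": req.get("id"), "time": rec.get("time"), "path": req["path"],
                             "actor": (rec.get("auth") or {}).get("display_name"), "nonces": n})
    return findings
```

Run it over a real audit file with `find_client_nonce_requests(open("vault_audit.log"))`; any hit on a key without convergent encryption is a client that should stop sending a nonce, and the affected-range table below tells you whether the server honoured it.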

Affected (12 ranges)

Vendor      Product            Version range         Fixed in
github.com  hashicorp_vault    >= 1.13.0 < 1.13.7    1.13.7
github.com  hashicorp_vault    >= 1.14.0 < 1.14.3    1.14.3
github.com  hashicorp_vault    >= 1.6.0 < 1.12.11    1.12.11
hashicorp   vault              >= 1.12.0 < 1.12.11   1.12.11
hashicorp   vault              >= 1.13.0 < 1.13.7    1.13.7
hashicorp   vault              >= 1.14.0 < 1.14.3    1.14.3
hashicorp   vault              >= 1.6.0 < 1.12.0     1.12.0
hashicorp   vault              >= 1.6.0 < 1.12.11    1.12.11
hashicorp   vault_enterprise   >= 1.12.0 < 1.12.11   1.12.11
hashicorp   vault_enterprise   >= 1.13.0 < 1.13.7    1.13.7
hashicorp   vault_enterprise   >= 1.14.0 < 1.14.3    1.14.3
hashicorp   vault_enterprise   >= 1.6.0 < 1.12.0     1.12.0

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     6.8    MEDIUM    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
vendor_redhat           6.8    MEDIUM