Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
History

Mon, 06 Jan 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published:

Updated: 2025-01-06T18:15:00.958Z

Reserved: 2023-04-17T14:51:51.916Z

Link: CVE-2023-2121

cve-icon Vulnrichment

Updated: 2024-08-02T06:12:20.468Z

cve-icon NVD

Status : Modified

Published: 2023-06-09T17:15:09.467

Modified: 2024-11-21T07:57:58.620

Link: CVE-2023-2121

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-06-09T00:00:00Z

Links: CVE-2023-2121 - Bugzilla