CVE-2023-2121
CVSS V2 None
CVSS V3 None
Description
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
Overview
- CVE ID
- CVE-2023-2121
- Assigner
- HashiCorp
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-06-09T16:59:49.065Z
- Last Modified Date
- 2023-06-09T16:59:49.065Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-2121 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2121 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-24 21:46:26 | Added to TrackCVE |