HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-03-30T00:21:47.676Z

Updated: 2024-08-02T05:17:50.328Z

Reserved: 2023-02-03T21:24:59.629Z

Link: CVE-2023-0665

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-03-30T01:15:07.437

Modified: 2024-11-21T07:37:35.217

Link: CVE-2023-0665

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-03-30T00:00:00Z

Links: CVE-2023-0665 - Bugzilla