Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-06-09T16:59:49.065Z

Updated: 2024-08-02T06:12:20.468Z

Reserved: 2023-04-17T14:51:51.916Z

Link: CVE-2023-2121

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-09T17:15:09.467

Modified: 2024-11-21T07:57:58.620

Link: CVE-2023-2121

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-06-09T00:00:00Z

Links: CVE-2023-2121 - Bugzilla