HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620)

Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API encryption keys, passwords, and certificates. The vulnerability was an SQL injection vulnerability that potentially could lead to a Remote Code Execution (RCE). Oxeye reported this vulnerability to HashiCorp, and the team quickly patched it in versions 1.13.1, 1.12.5, and 1.11.9. of Vault. HashiCorp Vault HashiCorp Vault provides encryption services for modern, microservices-based … More →

The post …

access api certificates code code execution controls cve encryption encryption keys hashicorp hashicorp vault identity injection keys management microservices oxeye passwords patch project rce remote code remote code execution secrets security update services sql sql injection system team vault vulnerability