CVE-2023-3774 - OpenCVE

An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Hashicorp	Vault

Configuration 1 [-]

OR	cpe:2.3:a:hashicorp:vault:1.12.8::::enterprise:::
	cpe:2.3:a:hashicorp:vault:1.13.4::::enterprise:::
	cpe:2.3:a:hashicorp:vault:1.14.0::::enterprise:::

References

Link	Resource
https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-07-28T00:45:04.379Z

Updated: 2023-07-28T00:45:04.379Z

Reserved: 2023-07-19T14:24:44.833Z

Link: CVE-2023-3774

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-28T01:15:09.820

Modified: 2023-08-03T14:05:44.927

Link: CVE-2023-3774

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:1.12.8:*:*:*:enterprise:*:*:*", "matchCriteriaId": "569B71B0-54D5-404F-A88D-64962015C309", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:1.13.4:*:*:*:enterprise:*:*:*", "matchCriteriaId": "709FF8A4-0A50-4153-9FD5-F6ECFE12D245", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DB12634A-9B34-44C0-AC11-11120295E3F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9."}], "id": "CVE-2023-3774", "lastModified": "2023-08-03T14:05:44.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security@hashicorp.com", "type": "Secondary"}]}, "published": "2023-07-28T01:15:09.820", "references": [{"source": "security@hashicorp.com", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2023-23-vault-enterprise-namespace-creation-may-lead-to-denial-of-service/56617"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-703"}], "source": "security@hashicorp.com", "type": "Secondary"}]}