CVE-2023-2121

描述

Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

受影響套件(3)

• Bitnami/vaultfrom 0, < 1.11.11, >= 1.12.0, < 1.12.7, >= 1.13.0, < 1.13.3
• Go/github.com/hashicorp/vaultfrom 0, < 1.11.11
• Go/github.com/hashicorp/vaultfrom 0, < 1.11.11, >= 1.12.0, < 1.12.7, >= 1.13.0, < 1.13.3

CVSS 分數

參考連結(4)

• ADVISORYhttps://github.com/advisories/GHSA-gq98-53rq-qr5h
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-2121
• PATCHhttps://github.com/hashicorp/vault
• WEBhttps://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814