BIT-vault-2023-0665
Denial of Service vulnerability in vault (Go)

Denial of Service No known exploit

What is BIT-vault-2023-0665 About?

HashiCorp Vault's PKI mount is vulnerable to a denial of service attack. This flaw can be triggered in the PKI mount, making the service unavailable to legitimate users. Exploitation would likely involve specific interactions with the PKI certificate generation or revocation mechanisms.

Affected Software

  • github.com/hashicorp/vault
    • >1.12.0, <1.12.5
    • <1.11.9
    • >1.13.0, <1.13.1

Technical Details

This vulnerability affects HashiCorp Vault's PKI (Public Key Infrastructure) mount. The flaw allows an attacker to trigger a Denial of Service condition within this specific component. This could occur through various mechanisms, such as maliciously crafted certificate requests, excessive revocation requests, or by exploiting logical flaws in how the PKI mount processes or stores certificate-related data, leading to resource exhaustion, crashes, or an unresponsive state for the PKI services within Vault. This effectively prevents new certificates from being issued or existing ones from being managed.

What is the Impact of BIT-vault-2023-0665?

Successful exploitation may allow attackers to disrupt the functionality of the PKI mount, preventing the issuance, renewal, or revocation of certificates, leading to a denial of service for services relying on Vault's PKI.

What is the Exploitability of BIT-vault-2023-0665?

Exploitation complexity is likely moderate to high, as it requires an understanding of the intricacies of Vault's PKI mount. It may require authenticated access to Vault with permissions to interact with the PKI mount (e.g., issue or revoke certificates), though some denial of service attacks can be unauthenticated depending on the specific flaw. Privilege requirements would likely involve being an authenticated user with at least read/write access to the PKI mount. This can be a remote vulnerability, as interaction with the PKI mount typically happens over the network. The primary special condition is the active use and configuration of the PKI mount within Vault, which an attacker would target.

What are the Known Public Exploits?

PoC Author Link Commentary
No known exploits

What are the Available Fixes for BIT-vault-2023-0665?

Available Upgrade Options

  • github.com/hashicorp/vault
    • <1.11.9 → Upgrade to 1.11.9
  • github.com/hashicorp/vault
    • >1.12.0, <1.12.5 → Upgrade to 1.12.5
  • github.com/hashicorp/vault
    • >1.13.0, <1.13.1 → Upgrade to 1.13.1

Additional Resources

What are Similar Vulnerabilities to BIT-vault-2023-0665?

Similar Vulnerabilities: CVE-2023-44487, CVE-2021-22946, CVE-2022-29241, CVE-2023-29437, CVE-2023-45803