CVE-2023-0690
Last modified
CVE-2023-0690 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0.. EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hashicorp | Boundary | >= 0.10.0, < 0.12.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-0690?
How severe is CVE-2023-0690?
How do I fix CVE-2023-0690?
Are you affected by CVE-2023-0690?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST