Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API encryption keys, passwords, and certificates. The vulnerability was an SQL injection vulnerability that potentially could lead to a Remote Code Execution (RCE). Oxeye reported this vulnerability to HashiCorp, and the team quickly patched it in versions 1.13.1, 1.12.5, and 1.11.9. of Vault. HashiCorp Vault HashiCorp Vault provides encryption services for modern, microservices-based … More
The post HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620) appeared first on Help Net Security.