Headline
GHSA-gq98-53rq-qr5h: Hashicorp Vault vulnerable to Cross-site Scripting
Vault and Vault Enterprise’s (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.
Hashicorp Vault vulnerable to Cross-site Scripting
Moderate severity GitHub Reviewed Published Jun 9, 2023 to the GitHub Advisory Database • Updated Jun 9, 2023
Related news
CVE-2023-2121: HCSEC-2023-17 - Vault’s KV Diff Viewer Allowed HTML Injection
Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.