VYPR
Moderate severityNVD Advisory· Published Jun 9, 2023· Updated Jan 6, 2025

Vault’s KV Diff Viewer Allowed for HTML Injection

CVE-2023-2121

Description

Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/vaultGo
< 1.11.111.11.11
github.com/hashicorp/vaultGo
>= 1.12.0, < 1.12.71.12.7
github.com/hashicorp/vaultGo
>= 1.13.0, < 1.13.31.13.3

Affected products

22

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.