CVE-2023-3774 MEDIUM

CVE-2023-3774: Vault Enterprise Namespace Creation May Lead to Denial of Service

Vendor Hashicorp
Product Vault Enterprise
Weakness CWE-248
Published July 28, 2023
Last update October 22, 2024

CVSS base score

4.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.

Key dates

02Disclosure timeline

July 28, 2023 CVE published
October 22, 2024 Record updated