CVE-2023-4680

MEDIUM

HashiCorp Vault <1.14.3-1.13.7-1.12.11 - Info Disclosure

Title source: llm

Description

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.

Scores

CVSS v3: 6.8
EPSS: 0.0152
EPSS Percentile: 81.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-20, CWE-323
Status: published
Products (2):
hashicorp/vault 1.6.0 - 1.12.11 (2 CPE variants)
hashicorp/vault 1.6.0 - 1.12.11 (Go)
Published: Sep 15, 2023
Tracked Since: Feb 18, 2026