{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-3462", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "state": "PUBLISHED", "assignerShortName": "HashiCorp", "dateReserved": "2023-06-29T19:00:52.239Z", "datePublished": "2023-07-31T22:40:23.432Z", "dateUpdated": "2024-10-21T18:04:40.093Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2023-07-31T22:40:23.432Z"}, "title": "Vault's LDAP Auth Method Allows for User Enumeration", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575 Account Footprinting"}]}], "affected": [{"vendor": "HashiCorp", "product": "Vault", "platforms": ["Windows", "MacOS", "Linux", "x86", "64 bit", "32 bit", "ARM"], "repo": "https://github.com/hashicorp/vault", "versions": [{"status": "affected", "version": "1.13.0", "lessThanOrEqual": "1.13.4", "versionType": "semver"}, {"status": "affected", "version": "1.14.0"}], "defaultStatus": "affected"}, {"vendor": "HashiCorp", "product": "Vault Enterprise", "platforms": ["Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit"], "versions": [{"status": "affected", "version": "1.13.0", "lessThanOrEqual": "1.13.4", "versionType": "semver"}, {"status": "affected", "version": "1.14.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5."}]}], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "credits": [{"lang": "en", "value": "Jared Johnstone", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.557Z"}, "title": "CVE Program Container", "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-21T18:04:26.770286Z", "id": "CVE-2023-3462", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T18:04:40.093Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:55:03.557Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-3462", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T18:04:26.770286Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T18:04:35.640Z"}}], "cna": {"title": "Vault's LDAP Auth Method Allows for User Enumeration", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jared Johnstone"}], "impacts": [{"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575 Account Footprinting"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/hashicorp/vault", "vendor": "HashiCorp", "product": "Vault", "versions": [{"status": "affected", "version": "1.13.0", "versionType": "semver", "lessThanOrEqual": "1.13.4"}, {"status": "affected", "version": "1.14.0"}], "platforms": ["Windows", "MacOS", "Linux", "x86", "64 bit", "32 bit", "ARM"], "defaultStatus": "affected"}, {"vendor": "HashiCorp", "product": "Vault Enterprise", "versions": [{"status": "affected", "version": "1.13.0", "versionType": "semver", "lessThanOrEqual": "1.13.4"}, {"status": "affected", "version": "1.14.0"}], "platforms": ["Windows", "MacOS", "Linux", "x86", "ARM", "64 bit", "32 bit"], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"}], "descriptions": [{"lang": "en", "value": "HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.", "supportingMedia": [{"type": "text/html", "value": "HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2023-07-31T22:40:23.432Z"}}}, "cveMetadata": {"cveId": "CVE-2023-3462", "state": "PUBLISHED", "dateUpdated": "2024-10-21T18:04:40.093Z", "dateReserved": "2023-06-29T19:00:52.239Z", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "datePublished": "2023-07-31T22:40:23.432Z", "assignerShortName": "HashiCorp"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:-:*:*:*", "matchCriteriaId": "DF8B4175-8E60-4169-9D10-FE924EB1516C", "versionEndExcluding": "1.13.5", "versionStartIncluding": "1.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "EBC19EB3-A5B0-4165-BB49-763953AC2369", "versionEndExcluding": "1.13.5", "versionStartIncluding": "1.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:-:*:*:*", "matchCriteriaId": "3DFB14EC-487C-454C-A712-10085D897748", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:vault:1.14.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "DB12634A-9B34-44C0-AC11-11120295E3F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5."}], "id": "CVE-2023-3462", "lastModified": "2023-08-04T16:50:04.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@hashicorp.com", "type": "Secondary"}]}, "published": "2023-07-31T23:15:10.360", "references": [{"source": "security@hashicorp.com", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "security@hashicorp.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7599", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "openshift4/ose-installer-rhel9:v4.16.0-202410011135.p0.ge8f8bf9.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-10-09T00:00:00Z"}, {"advisory": "RHSA-2024:7922", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "openshift4/ose-installer-rhel9:v4.17.0-202410090834.p0.gec752c1.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2023:6832", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package": "odf4/rook-ceph-rhel9-operator:v4.14.0-71", "product_name": "RHODF-4.14-RHEL-9", "release_date": "2023-11-08T00:00:00Z"}, {"advisory": "RHSA-2024:1383", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-rhel9-operator:v4.15.0-19", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2024-03-19T00:00:00Z"}], "bugzilla": {"description": "Hashicorp/vault: Vault\u2019s LDAP Auth Method Allows for User Enumeration", "id": "2228020", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228020"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-203", "details": ["HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.", "A flaw was found in the HashiCorp Vault. The Vault and Vault Enterprise (\u201cVault\u201d) LDAP auth method allows unauthenticated users to potentially enumerate valid accounts in the configured LDAP system by observing the response error when querying usernames."], "name": "CVE-2023-3462", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/topology-aware-lifecycle-manager-rhel8-operator", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/cephcsi-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/cephcsi-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/mcg-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/ocs-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf4/odf-multicluster-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/odr-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "odf/odf-multicluster-rhel8-operator", "product_name": "Red Hat Openshift Data Foundation 4"}], "public_date": "2023-07-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-3462\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3462\nhttps://discuss.hashicorp.com/t/hcsec-2023-24-vaults-ldap-auth-method-allows-for-user-enumeration/56714"], "threat_severity": "Moderate", "upstream_fix": "vault 1.14.1, vault 1.13.5"}