{"uuid": "eecf16a5-810c-4d1e-a1d2-6c28964d9211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2197", "type": "seen", "source": "https://t.me/cibsecurity/63145", "content": "\u203c CVE-2023-2197 \u203c\n\nHashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the\u00c2\u00a0CKM_AES_CBC_PAD or\u00c2\u00a0CKM_AES_CBC encryption mechanisms.\u00c2\u00a0An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault\u00e2\u20ac\u2122s root key. Fixed in 1.13.2\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-02T00:29:39.000000Z"}