Base Score

MEDIUM4.7

CVE-2023-25000

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.

VectorLOCAL

Published Bysecurity@hashicorp.com

Published DateMar 30, 2023, 01:15

Affected Versions(3)

github.com/hashicorp/vault(Go)

Introduced0

Fixed1.11.9

LimitN/A

github.com/hashicorp/vault(Go)

Introduced1.12.0

Fixed1.12.5

LimitN/A

github.com/hashicorp/vault(Go)

Introduced1.13.0

Fixed1.13.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/hashicorp/vault(Go)	0	1.11.9	N/A
github.com/hashicorp/vault(Go)	1.12.0	1.12.5	N/A
github.com/hashicorp/vault(Go)	1.13.0	1.13.1	N/A

Weakness Type (CWE):CWE-203

CVSS Metrics

Base Score

4.7

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

Base Score

MEDIUM4.7

Weakness Type (CWE):CWE-203

CVSS Metrics

Base Score

4.7

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE