Vault — Vulnerabilities & Security Advisories 37

All 37 CVE vulnerabilities found in Vault, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-4680	Vault's Transit Secrets Engine Allowed Nonce Specified without Convergent Encryption CWE-323	6.8	Medium	2023-09-14
CVE-2023-3462	Vault's LDAP Auth Method Allows for User Enumeration CWE-203	5.3	Medium	2023-07-31
CVE-2023-2121	Vault’s KV Diff Viewer Allowed for HTML Injection CWE-79	4.3	Medium	2023-06-09
CVE-2023-0620	Vault Vulnerable to SQL Injection When Configuring the Microsoft SQL Database Storage Backend CWE-89	6.5	Medium	2023-03-30
CVE-2023-0665	Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata CWE-285	6.5	Medium	2023-03-30
CVE-2023-25000	Vault Vulnerable to Cache-Timing Attacks During Seal and Unseal Operations CWE-208	5.0	Medium	2023-03-30
CVE-2023-24999	Vault Fails to Verify if the AppRole SecretID Belongs to Role During a Destroy Operation CWE-863	4.4	Medium	2023-03-10

All 37 known CVE vulnerabilities affecting Vault with full Chinese analysis, references, and POCs where available.