HashiCorp · HashiCorp Vault · CVE-2023-0620
**Name of the Vulnerable Software and Affected Versions**
HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1
**Description**
The issue is an SQL injection vulnerability that arises when configuring the Microsoft SQL (MSSQL) Database Storage Backend. Certain parameters are not sanitized before being passed to the user-provided MSSQL database, allowing an attacker who modifies these parameters to execute a malicious SQL command. This can occur when the MSSQL plugin is configured through the local configuration.
**Recommendations**
For versions 0.8.0 through 1.13.0, update to version 1.13.1, 1.12.5, or 1.11.9 to resolve the issue.
As a temporary workaround, consider restricting access to the MSSQL Database Storage Backend configuration to minimize the risk of exploitation.
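
The root cause in the description is configuration values reaching SQL text unsanitized. The following is an added example, not Vault's code or its patch, of allowlist validation plus bracket quoting for identifiers before they are placed in DDL. It assumes the affected values are the `database`, `schema` and `table` settings of Vault's documented `mssql` storage stanza (the advisory does not name them); the helper names and the table layout are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// identRe is an allowlist for regular T-SQL identifiers: a letter or
// underscore, then letters, digits or underscores, 128 characters at most.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,127}$`)

// quoteIdent rejects anything outside the allowlist, then bracket-quotes it.
func quoteIdent(field, name string) (string, error) {
	if !identRe.MatchString(name) {
		return "", fmt.Errorf("invalid %s identifier %q", field, name)
	}
	return "[" + name + "]", nil
}

// buildCreateTable (hypothetical helper) returns DDL for a storage table, or
// an error if any configured identifier fails validation. Identifiers cannot
// be bound as query parameters, so they are validated before interpolation.
func buildCreateTable(database, schema, table string) (string, error) {
	parts := make([]string, 0, 3)
	for _, f := range []struct{ field, value string }{
		{"database", database}, {"schema", schema}, {"table", table},
	} {
		q, err := quoteIdent(f.field, f.value)
		if err != nil {
			return "", err
		}
		parts = append(parts, q)
	}
	// Column layout is constructed for the example.
	return fmt.Sprintf("CREATE TABLE %s.%s.%s (Path VARCHAR(512) PRIMARY KEY, Value VARBINARY(MAX))",
		parts[0], parts[1], parts[2]), nil
}

func main() {
	// Constructed sample values, not taken from any real configuration.
	for _, table := range []string{"Vault", "Vault] (x INT); --"} {
		stmt, err := buildCreateTable("Vault", "dbo", table)
		fmt.Println(stmt, err)
	}
}
```

The same allowlist can be run over an existing storage configuration during review to flag identifier values that contain brackets, quotes, semicolons or whitespace.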