CVE-2023-2121

Name of the Vulnerable Software and Affected Versions Hashicorp Vault versions prior to 1.11.11 Hashicorp Vault versions prior to 1.12.7 Hashicorp Vault versions prior to 1.13.3 Hashicorp Vault versions prior to 1.14.0

Description The key-value v2 (kv-v2) diff viewer in Vault allowed HTML injection into the Vault web UI through key values.

Recommendations For versions prior to 1.11.11, update to version 1.11.11 or later. For versions prior to 1.12.7, update to version 1.12.7 or later. For versions prior to 1.13.3, update to version 1.13.3 or later. For versions prior to 1.14.0, update to version 1.14.0 or later.