Hashicorp · Hashicorp Vault · CVE-2023-2121
**Name of the Vulnerable Software and Affected Versions**
Hashicorp Vault versions prior to 1.11.11
Hashicorp Vault versions prior to 1.12.7
Hashicorp Vault versions prior to 1.13.3
Hashicorp Vault versions prior to 1.14.0
**Description**
The key-value v2 (kv-v2) diff viewer in Vault allowed HTML injection into the Vault web UI through key values.
**Recommendations**
For versions prior to 1.11.11, update to version 1.11.11 or later.
For versions prior to 1.12.7, update to version 1.12.7 or later.
For versions prior to 1.13.3, update to version 1.13.3 or later.
For versions prior to 1.14.0, update to version 1.14.0 or later.