Home > Vulnerability Database > CVE-2023-0690

Mend.io Vulnerability Database

CVE-2023-0690

Good to know:

Date: February 8, 2023

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0.

Language: Go

Severity Score

5.0

Related Resources (5)

Url: https://discuss.hashicorp.com/t/hcsec-2023-03-boundary-workers-store-rotated-credentials-in-plaintext-even-when-key-management-service-configured/49907

Url: https://github.com/advisories/GHSA-9vrm-v9xv-x3xr

Url: https://github.com/hashicorp/boundary

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-0690

Url: https://www.mend.io/vulnerability-database/CVE-2023-0690

Severity Score

5.0

Weakness Type (CWE)

Missing Encryption of Sensitive Data

CWE-311

Cleartext Storage of Sensitive Information

CWE-312

Top Fix

Upgrade Version

Upgrade to version v0.12.0

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-0690

Good to know:

Date: February 8, 2023

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?