{
  "threat_severity" : "Moderate",
  "public_date" : "2023-03-30T00:00:00Z",
  "bugzilla" : {
    "description" : "vault: Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File",
    "id" : "2184663",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2184663"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-89",
  "details" : [ "HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command.\nThis issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.", "A flaw was found in HashiCorp Vault and Vault Enterprise, which are vulnerable to SQL injection. This flaw allows a local authenticated attacker to send specially-crafted SQL statements to the Microsoft SQL (MSSQL) Database Storage Backend, which could allow the attacker to view, add, modify, or delete information in the backend database." ],
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4.13",
    "release_date" : "2023-05-17T00:00:00Z",
    "advisory" : "RHSA-2023:1326",
    "cpe" : "cpe:/a:redhat:openshift:4.13::el8",
    "package" : "openshift4/ose-installer:v4.13.0-202305091542.p0.g44db7b2.assembly.stream"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.14",
    "release_date" : "2023-10-31T00:00:00Z",
    "advisory" : "RHSA-2023:5006",
    "cpe" : "cpe:/a:redhat:openshift:4.14::el8",
    "package" : "openshift4/ose-installer:v4.14.0-202310201027.p0.g03546e5.assembly.stream"
  }, {
    "product_name" : "RHODF-4.13-RHEL-9",
    "release_date" : "2023-06-21T00:00:00Z",
    "advisory" : "RHSA-2023:3742",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.13::el9",
    "package" : "odf4/ocs-rhel9-operator:v4.13.0-67"
  }, {
    "product_name" : "RHODF-4.13-RHEL-9",
    "release_date" : "2023-06-21T00:00:00Z",
    "advisory" : "RHSA-2023:3742",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.13::el9",
    "package" : "odf4/odf-rhel9-operator:v4.13.0-24"
  } ],
  "package_state" : [ {
    "product_name" : "Logging Subsystem for Red Hat OpenShift",
    "fix_state" : "Not affected",
    "package_name" : "openshift-logging/logging-loki-rhel8",
    "cpe" : "cpe:/a:redhat:logging:5"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/topology-aware-lifecycle-manager-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Out of support scope",
    "package_name" : "ocs4/cephcsi-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Out of support scope",
    "package_name" : "ocs4/mcg-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Out of support scope",
    "package_name" : "ocs4/ocs-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Out of support scope",
    "package_name" : "ocs4/rook-ceph-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Affected",
    "package_name" : "ocs4/ocs-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/cephcsi-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Affected",
    "package_name" : "odf4/mcg-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Will not fix",
    "package_name" : "odf4/odf-multicluster-rhel9-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/odr-rhel9-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Affected",
    "package_name" : "odf4/rook-ceph-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-0620\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0620\nhttps://discuss.hashicorp.com/t/hcsec-2023-12-vault-s-microsoft-sql-database-storage-backend-vulnerable-to-sql-injection-via-configuration-file/52080" ],
  "name" : "CVE-2023-0620",
  "csaw" : false
}