CVE-2023-2121 (https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814): Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11. Please bump to 1.12.7.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f27bb9890be73dc891a805257a16a495f7fbfcaa

commit f27bb9890be73dc891a805257a16a495f7fbfcaa
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2023-06-13 03:52:42 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2023-06-13 03:52:48 +0000

    app-admin/vault: add 1.12.7

    Bug: https://bugs.gentoo.org/908216
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/vault/Manifest | 2 +
 app-admin/vault/vault-1.12.7.ebuild | 86 +++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)
Thanks! Please stabilize when ready
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=caeddb0b2ac532e9aa7cb9f4d2de39f5ff075fbb

commit caeddb0b2ac532e9aa7cb9f4d2de39f5ff075fbb
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2023-08-06 02:55:45 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2023-08-06 03:00:43 +0000

    app-admin/vault: drop 1.12.5

    Bug: https://bugs.gentoo.org/908216
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/vault/Manifest | 2 -
 app-admin/vault/vault-1.12.5.ebuild | 86 -------------------------------------
 2 files changed, 88 deletions(-)