CVE-2023-2121 Information

Description

Vault and Vault Enterprise’s (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability CVE-2023-2121 is fixed in Vault 1.14.0 1.13.3 1.12.7 and 1.11.11.

Reference

https://discuss.hashicorp.com/t/hcsec-2023-17-vault-s-kv-diff-viewer-allowed-html-injection/54814