CVE-2023-0620: 
HashiCorp Vault vulnerability analysis and mitigation

HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. The vulnerability, identified as CVE-2023-0620, was discovered and disclosed on March 29, 2023. The issue affects the MSSQL plugin configuration through local settings, where certain parameters are not properly sanitized when passed to the user-provided MSSQL database (HashiCorp Discuss).

When configuring MSSQL as a storage backend, several parameters are required to establish a connection to the target database, including username, password, schema, database, and table. The vulnerability exists because Vault considers these values to be trusted and does not sanitize the values for schema, database, and table parameters when establishing a connection between Vault and the database server. The vulnerability has been assigned a CVSS score of 6.7 (MEDIUM) with a vector of CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NetApp Security).

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands on the underlying database server through Vault. This could potentially lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS) (NetApp Security).

The vulnerability has been fixed in Vault versions 1.13.1, 1.12.5, and 1.11.9. Organizations using the MSSQL storage backend should evaluate the risk and consider upgrading to these patched versions or newer. HashiCorp recommends ensuring that Vault configuration files and storage backends are appropriately secured, as described in Vault's production hardening guidelines. Additionally, they suggest using HashiCorp-supported and highly-available storage backends such as integrated storage or Consul for production use (HashiCorp Discuss).