hashicorp
201 tracked vulnerabilities.
CVE-2025-6004
MEDIUM
HashiCorp Vault 1.13.0-1.16.22, 1.17.0-1.19.6, 1.20.0 - User Lockout Bypass via Userpass and LDAP Authentication
Aug 01, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-6000
CRITICAL
HashiCorp Vault 0.8.0-1.16.22, 1.17.0-1.19.6, 1.20.0 - Authenticated RCE via Plugin Directory
Aug 01, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-5999
HIGH
HashiCorp Vault 0.10.4-1.19.5 Privilege Escalation via Root Namespace Identity Endpoint
Aug 01, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-4656
LOW
HashiCorp Vault DoS via Recovery Key Cancellation
Jun 25, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-4922
HIGH
Nomad 1.4.0-1.10.1 - Incorrect Privilege Assignment via Prefix-Based ACL Policy Lookup
Jun 11, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-3744
HIGH
Nomad Enterprise < 1.8.13 - Policy Override Bypass in Job Submissions
May 13, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-3879
MEDIUM
HashiCorp Vault - Incorrect Authorization via Azure Auth Method Bound Location Bypass
May 02, 2025
CVSS 6.6
EPSS 0.00
CVE-2025-4166
MEDIUM
HashiCorp Vault 0.3.0-1.19.2 and OpenBAO < 2.2.2 - Sensitive Information Exposure in KV v2 Plugin Error Logs
May 02, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-1296
MEDIUM
Nomad 1.0.0-1.7.18, 1.8.0-1.9.6 - Sensitive Token Exposure in Audit Logs
Mar 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-1293
HIGH
Hermes < 0.5.0 - Authentication Bypass via Improper AWS ALB JWT Validation
Feb 20, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-0937
HIGH
Nomad 1.0.0-1.7.17 and 1.8.0-1.9.5 - Incorrect Authorization via Wildcard Namespace Event Stream
Feb 12, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-0377
HIGH
HashiCorp's go-slug - Path Traversal
Jan 21, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-12678
MEDIUM
Nomad 1.4.0-1.7.15, 1.8.0-1.9.3 - Privilege Escalation via Unredacted Workload Identity Token
Dec 20, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-12289
MEDIUM
Boundary 0.8.0-0.16.3 and 0.17.0-0.18.1 - Denial of Service via Controller Initialization HTTP Request Handling
Dec 12, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-10975
HIGH
Nomad 1.3.0-1.7.14, 1.8.0-1.9.1 - Unauthorized Cross-Namespace Volume Creation via CSI Write Permission
Nov 07, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-8185
HIGH
HashiCorp Vault 1.2.0-1.18.0 and OpenBAO < 2.0.3 - Denial of Service via Raft Cluster Join API Endpoint
Oct 31, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-10086
MEDIUM
Consul 1.4.1-1.15.14, 1.16.0-1.19.9 - Reflected Cross-Site Scripting via Content-Type Header Manipulation
Oct 30, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-10006
HIGH
Consul 1.4.1-1.20.0 and 1.9.0-1.15.14 - HTTP Header Bypass via L7 Traffic Intentions
Oct 30, 2024
CVSS 8.3
EPSS 0.00
CVE-2024-10005
HIGH
HashiCorp Consul L7 Traffic Intentions - URL Path Access Rule Bypass
Oct 30, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-10228
LOW
Vagrant VMware Utility <1.0.23 - Privilege Escalation
Oct 29, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-9180
HIGH
OpenBao < 2.0.3 and Vault 1.17.7-1.17.6, 1.18.0-1.17.9, <1.18.0 - Privilege Escalation via Identity Endpoint
Oct 10, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-7594
HIGH
HashiCorp Vault < 1.15.15 - Incorrect Permission Assignment
Sep 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-8365
MEDIUM
HashiCorp Vault < 1.16.9, < 1.17.5 - Sensitive Information Disclosure in Audit Logs
Sep 02, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-7625
MEDIUM
HashiCorp Nomad <1.6.13-1.8.2 - Write Outside Allocation Directory
Aug 15, 2024
CVSS 5.8
EPSS 0.00
CVE-2024-6717
HIGH
HashiCorp Nomad <1.7.9 - Path Traversal
Jul 23, 2024
CVSS 7.7
EPSS 0.00
Products
vault 72
nomad 38
consul 36
go-getter 10
vagrant_vmware_fusion 7
boundary 6
terraform 5
terraform_enterprise 5
Vault 4
Vault Enterprise 4
vagrant 4
Tooling 3
Consul 2
Consul Enterprise 2
Nomad 2
Nomad Enterprise 2
Shared library 2
go-slug 2
sentinel 2
terraform_provider 2
Boundary 1
Boundary Enterprise 1
consul-template 1
consul_docker_image 1
consul_template 1
go-retryablehttp 1
hermes 1
nomad-driver-exec2 1
packer 1
retryablehttp 1