hashicorp

208 tracked vulnerabilities.

CVE-2024-10005 HIGH
HashiCorp Consul L7 Traffic Intentions - URL Path Access Rule Bypass
Oct 30, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-10228 LOW
Vagrant VMWare Utility <1.0.23 - Privilege Escalation
Oct 29, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-9180 HIGH
OpenBao < 2.0.3 and Vault 1.17.7-1.17.6, 1.18.0-1.17.9, <1.18.0 - Privilege Escalation via Identity Endpoint
Oct 10, 2024
CVSS 7.2
EPSS 0.01
CVE-2024-7594 HIGH
Hashicorp Vault < 1.15.15 - Incorrect Permission Assignment
Sep 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-8365 MEDIUM
HashiCorp Vault < 1.16.9, < 1.17.5 - Sensitive Information Disclosure in Audit Logs
Sep 02, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-7625 MEDIUM
HashiCorp Nomad <1.6.13-1.8.2 - Write Outside Allocation Directory
Aug 15, 2024
CVSS 5.8
EPSS 0.00
CVE-2024-6717 HIGH
HashiCorp Nomad <1.7.9 - Path Traversal
Jul 23, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-6468 HIGH
Vault 1.10.0-1.15.11 - Denial of Service via Unauthorized IP Handling in proxy_protocol_behavior
Jul 11, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-6257 HIGH
HashiCorp's go-getter - Code Injection
Jun 25, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-6104 MEDIUM
go-retryablehttp < 0.7.7 - Sensitive Information Disclosure via Log File
Jun 24, 2024
CVSS 6.0
EPSS 0.00
CVE-2024-5798 LOW
HashiCorp Vault 0.11.0-1.15.8 and 1.17.0-rc1 - Improper JWT Audience Claim Validation
Jun 12, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-2877 MEDIUM
Vault Enterprise 1.15.0-1.15.7 - Sensitive Information Disclosure in Audit Logs via Performance Standby Node
Apr 30, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-3817 CRITICAL
HashiCorp's go-getter - Code Injection
Apr 17, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-2660 MEDIUM
Vault 1.14.0-1.14.10 and 1.15.0-1.15.6 - Improper OCSP Response Validation
Apr 04, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-2048 HIGH
Vault < 1.14.10 and 1.15.0-1.15.5 - Improper Certificate Validation in TLS Certificate Auth Method
Mar 04, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-1329 HIGH
HashiCorp Nomad 1.5.13-1.6.6 and 1.7.3 - Arbitrary File Write via Symlink Attack
Feb 08, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-1052 HIGH
Boundary 0.8.0-0.14.9 - Session Hijacking via TLS Certificate Tampering
Feb 05, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-0831 MEDIUM
Vault 1.15.0-1.15.4 - Sensitive Information Exposure via Audit Device Log Raw Option
Feb 01, 2024
CVSS 4.5
EPSS 0.01
CVE-2023-6337 HIGH
HashiCorp Vault <1.15.4-1.14.8-1.13.12 - DoS
Dec 08, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-5332 MEDIUM
GitLab 9.5.0-16.2.7 - Remote Code Execution via Consul Script Check Bypass
Dec 04, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-5954 MEDIUM
HashiCorp Vault < 1.13.10 - Denial of Service via Policy Check Memory Consumption
Nov 09, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-5834 LOW
HashiCorp Vagrant < 2.4.0 - Unauthorized File System Writes via Windows Junction
Oct 27, 2023
CVSS 3.8
EPSS 0.00
CVE-2023-5077 HIGH
HashiCorp Vault < 1.13.0 - Incorrect Privilege Assignment in Google Cloud Secrets Engine
Sep 29, 2023
CVSS 7.6
EPSS 0.00
CVE-2023-3775 MEDIUM
Vault 0.11.0-1.13.7 - Denial of Service via Sentinel Role Governing Policy
Sep 29, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-4680 MEDIUM
HashiCorp Vault <1.14.3-1.13.7-1.12.11 - Info Disclosure
Sep 15, 2023
CVSS 6.8
EPSS 0.00