hashicorp

201 tracked vulnerabilities.

CVE-2024-6468 HIGH
Vault 1.10.0-1.15.11 - Denial of Service via Unauthorized IP Handling in proxy_protocol_behavior
Jul 11, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-6257 HIGH
HashiCorp's go-getter - Code Injection
Jun 25, 2024
CVSS 8.4
EPSS 0.00
CVE-2024-6104 MEDIUM
go-retryablehttp < 0.7.7 - Sensitive Information Disclosure via Log File
Jun 24, 2024
CVSS 6.0
EPSS 0.00
CVE-2024-5798 LOW
HashiCorp Vault 0.11.0-1.15.8 and 1.17.0-rc1 - Improper JWT Audience Claim Validation
Jun 12, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-2877 MEDIUM
Vault Enterprise 1.15.0-1.15.7 - Sensitive Information Disclosure in Audit Logs via Performance Standby Node
Apr 30, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-3817 CRITICAL
HashiCorp's go-getter - Code Injection
Apr 17, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-2660 MEDIUM
Vault 1.14.0-1.14.10 and 1.15.0-1.15.6 - Improper OCSP Response Validation
Apr 04, 2024
CVSS 6.4
EPSS 0.01
CVE-2024-2048 HIGH
Vault < 1.14.10 and 1.15.0-1.15.5 - Improper Certificate Validation in TLS Certificate Auth Method
Mar 04, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-1329 HIGH
HashiCorp Nomad 1.5.13-1.6.6 and 1.7.3 - Arbitrary File Write via Symlink Attack
Feb 08, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-1052 HIGH
Boundary 0.8.0-0.14.9 - Session Hijacking via TLS Certificate Tampering
Feb 05, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-0831 MEDIUM
Vault 1.15.0-1.15.4 - Sensitive Information Exposure via Audit Device Log Raw Option
Feb 01, 2024
CVSS 4.5
EPSS 0.00
CVE-2023-6337 HIGH
HashiCorp Vault <1.15.4-1.14.8-1.13.12 - DoS
Dec 08, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-5332 MEDIUM
GitLab 9.5.0-16.2.7 - Remote Code Execution via Consul Script Check Bypass
Dec 04, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-5954 MEDIUM
HashiCorp Vault < 1.13.10 - Denial of Service via Policy Check Memory Consumption
Nov 09, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-5834 LOW
HashiCorp Vagrant < 2.4.0 - Unauthorized File System Writes via Windows Junction
Oct 27, 2023
CVSS 3.8
EPSS 0.00
CVE-2023-5077 HIGH
HashiCorp Vault < 1.13.0 - Incorrect Privilege Assignment in Google Cloud Secrets Engine
Sep 29, 2023
CVSS 7.6
EPSS 0.00
CVE-2023-3775 MEDIUM
Vault 0.11.0-1.13.7 - Denial of Service via Sentinel Role Governing Policy
Sep 29, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-4680 MEDIUM
HashiCorp Vault <1.14.3-1.13.7-1.12.11 - Info Disclosure
Sep 15, 2023
CVSS 6.8
EPSS 0.02
CVE-2023-4782 MEDIUM
Terraform 1.0.8-1.5.6 - Arbitrary File Write during Init Operation
Sep 08, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-3518 HIGH
HashiCorp Consul <1.16.1 - Privilege Escalation
Aug 09, 2023
CVSS 7.4
EPSS 0.00
CVE-2023-3462 MEDIUM
HashiCorp Vault < 1.13.5 - User Enumeration via LDAP Auth Method
Jul 31, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-3774 MEDIUM
Vault Enterprise - Denial of Service via Namespace Creation
Jul 28, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-3300 MEDIUM
HashiCorp Nomad <1.5.6-1.4.1 - Info Disclosure
Jul 20, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-3299 LOW
HashiCorp Nomad 1.2.11-1.5.6 and 1.4.10 - Sensitive Information Exposure in ACL Policy Block
Jul 20, 2023
CVSS 3.4
EPSS 0.00
CVE-2023-3072 MEDIUM
HashiCorp Nomad <1.5.6-1.4.10 - Info Disclosure
Jul 20, 2023
CVSS 4.1
EPSS 0.00
Products
vault 72 nomad 38 consul 36 go-getter 10 vagrant_vmware_fusion 7 boundary 6 terraform 5 terraform_enterprise 5 Vault 4 Vault Enterprise 4 vagrant 4 Tooling 3 Consul 2 Consul Enterprise 2 Nomad 2 Nomad Enterprise 2 Shared library 2 go-slug 2 sentinel 2 terraform_provider 2 Boundary 1 Boundary Enterprise 1 consul-template 1 consul_docker_image 1 consul_template 1 go-retryablehttp 1 hermes 1 nomad-driver-exec2 1 packer 1 retryablehttp 1
Quick Filters
Critical CVEs With Exploits In CISA KEV