hashicorp
208 tracked vulnerabilities.
CVE-2024-10005
HIGH
HashiCorp Consul L7 Traffic Intentions - URL Path Access Rule Bypass
Oct 30, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-10228
LOW
Vagrant VMWare Utility <1.0.23 - Privilege Escalation
Oct 29, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-9180
HIGH
OpenBao < 2.0.3 and Vault 1.17.7-1.17.6, 1.18.0-1.17.9, <1.18.0 - Privilege Escalation via Identity Endpoint
Oct 10, 2024
CVSS 7.2
EPSS 0.01
CVE-2024-7594
HIGH
Hashicorp Vault < 1.15.15 - Incorrect Permission Assignment
Sep 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-8365
MEDIUM
HashiCorp Vault < 1.16.9, < 1.17.5 - Sensitive Information Disclosure in Audit Logs
Sep 02, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-7625
MEDIUM
HashiCorp Nomad <1.6.13-1.8.2 - Write Outside Allocation Directory
Aug 15, 2024
CVSS 5.8
EPSS 0.00
CVE-2024-6717
HIGH
HashiCorp Nomad <1.7.9 - Path Traversal
Jul 23, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-6468
HIGH
Vault 1.10.0-1.15.11 - Denial of Service via Unauthorized IP Handling in proxy_protocol_behavior
Jul 11, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-6257
HIGH
HashiCorp's go-getter - Code Injection
Jun 25, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-6104
MEDIUM
go-retryablehttp < 0.7.7 - Sensitive Information Disclosure via Log File
Jun 24, 2024
CVSS 6.0
EPSS 0.00
CVE-2024-5798
LOW
HashiCorp Vault 0.11.0-1.15.8 and 1.17.0-rc1 - Improper JWT Audience Claim Validation
Jun 12, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-2877
MEDIUM
Vault Enterprise 1.15.0-1.15.7 - Sensitive Information Disclosure in Audit Logs via Performance Standby Node
Apr 30, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-3817
CRITICAL
HashiCorp's go-getter - Code Injection
Apr 17, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-2660
MEDIUM
Vault 1.14.0-1.14.10 and 1.15.0-1.15.6 - Improper OCSP Response Validation
Apr 04, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-2048
HIGH
Vault < 1.14.10 and 1.15.0-1.15.5 - Improper Certificate Validation in TLS Certificate Auth Method
Mar 04, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-1329
HIGH
HashiCorp Nomad 1.5.13-1.6.6 and 1.7.3 - Arbitrary File Write via Symlink Attack
Feb 08, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-1052
HIGH
Boundary 0.8.0-0.14.9 - Session Hijacking via TLS Certificate Tampering
Feb 05, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-0831
MEDIUM
Vault 1.15.0-1.15.4 - Sensitive Information Exposure via Audit Device Log Raw Option
Feb 01, 2024
CVSS 4.5
EPSS 0.01
CVE-2023-6337
HIGH
HashiCorp Vault <1.15.4-1.14.8-1.13.12 - DoS
Dec 08, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-5332
MEDIUM
GitLab 9.5.0-16.2.7 - Remote Code Execution via Consul Script Check Bypass
Dec 04, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-5954
MEDIUM
HashiCorp Vault < 1.13.10 - Denial of Service via Policy Check Memory Consumption
Nov 09, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-5834
LOW
HashiCorp Vagrant < 2.4.0 - Unauthorized File System Writes via Windows Junction
Oct 27, 2023
CVSS 3.8
EPSS 0.00
CVE-2023-5077
HIGH
HashiCorp Vault < 1.13.0 - Incorrect Privilege Assignment in Google Cloud Secrets Engine
Sep 29, 2023
CVSS 7.6
EPSS 0.00
CVE-2023-3775
MEDIUM
Vault 0.11.0-1.13.7 - Denial of Service via Sentinel Role Governing Policy
Sep 29, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-4680
MEDIUM
HashiCorp Vault <1.14.3-1.13.7-1.12.11 - Info Disclosure
Sep 15, 2023
CVSS 6.8
EPSS 0.00
Products
vault 72
nomad 38
consul 36
go-getter 10
vagrant_vmware_fusion 7
boundary 6
Nomad 5
Nomad Enterprise 5
Vault 5
Vault Enterprise 5
terraform 5
terraform_enterprise 5
Tooling 4
vagrant 4
Shared library 3
Consul 2
Consul Enterprise 2
go-slug 2
sentinel 2
terraform_provider 2
Boundary 1
Boundary Enterprise 1
Terraform Enterprise 1
consul-template 1
consul_docker_image 1
consul_template 1
go-retryablehttp 1
hermes 1
nomad-driver-exec2 1
packer 1
Quick Filters