hashicorp
208 tracked vulnerabilities.
CVE-2023-4782
MEDIUM
Terraform 1.0.8-1.5.6 - Arbitrary File Write during Init Operation
Sep 08, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-3518
HIGH
HashiCorp Consul <1.16.1 - Privilege Escalation
Aug 09, 2023
CVSS 7.4
EPSS 0.00
CVE-2023-3462
MEDIUM
HashiCorp Vault < 1.13.5 - User Enumeration via LDAP Auth Method
Jul 31, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-3774
MEDIUM
Vault Enterprise - Denial of Service via Namespace Creation
Jul 28, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-3300
MEDIUM
HashiCorp Nomad <1.5.6-1.4.1 - Info Disclosure
Jul 20, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-3299
LOW
HashiCorp Nomad 1.2.11-1.5.6 and 1.4.10 - Sensitive Information Exposure in ACL Policy Block
Jul 20, 2023
CVSS 3.4
EPSS 0.00
CVE-2023-3072
MEDIUM
HashiCorp Nomad <1.5.6-1.4.10 - Info Disclosure
Jul 20, 2023
CVSS 4.1
EPSS 0.00
CVE-2023-3114
MEDIUM
Terraform Enterprise <202306-1 - Privilege Escalation
Jun 22, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-2121
MEDIUM
Vault < 1.11.11 - Cross-Site Scripting in KV v2 Diff Viewer
Jun 09, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-2816
HIGH
Consul 1.15.0-1.15.3 - Incorrect Privilege Assignment via Envoy Extension Downstream Proxy Configuration
Jun 02, 2023
CVSS 8.7
EPSS 0.01
CVE-2023-1297
MEDIUM
Consul 1.13.0-1.14.4 and 1.14.5-1.15.2 - Denial of Service via Cluster Peering
Jun 02, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-2197
LOW
HashiCorp Vault Enterprise <1.13.2 - Info Disclosure
May 01, 2023
CVSS 2.5
EPSS 0.00
CVE-2023-1782
CRITICAL
HashiCorp Nomad <1.5.3 - Auth Bypass
Apr 05, 2023
CVSS 9.9
EPSS 0.01
CVE-2023-25000
MEDIUM
HashiCorp Vault <1.13.1-1.12.5-1.11.9 - Info Disclosure
Mar 30, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-0665
MEDIUM
HashiCorp Vault < 1.11.9 - Improper Authorization in PKI Issuer Endpoint
Mar 30, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-0620
MEDIUM
HashiCorp Vault 0.8.0-1.13.1 - SQL Injection via MSSQL Database Storage Backend Configuration
Mar 30, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-1299
HIGH
Nomad 1.5.0 - Privilege Escalation via Workload Identity and Task API
Mar 14, 2023
CVSS 7.4
EPSS 0.01
CVE-2023-1296
LOW
HashiCorp Nomad 1.4.0-1.5.0 - Incorrect Access Control in Variable Deny Policies
Mar 14, 2023
CVSS 2.7
EPSS 0.01
CVE-2023-24999
MEDIUM
HashiCorp Vault < 1.10.11 - Authenticated Incorrect Authorization via AppRole Secret ID Destroy Endpoint
Mar 11, 2023
CVSS 4.4
EPSS 0.01
CVE-2023-0845
MEDIUM
Consul 1.14.0-1.14.5 - Authenticated Denial of Service via Ingress and API Gateway Configuration
Mar 09, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-0821
MEDIUM
HashiCorp Nomad <1.3.8-1.4.3 - Info Disclosure
Feb 16, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-0475
MEDIUM
HashiCorp go-getter <1.7.0, <2.2.0 - Decompression Bomb
Feb 16, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-0690
MEDIUM
HashiCorp Boundary 0.10.0-0.11.2 - Cleartext Storage of Sensitive Information in PKI Worker Credentials
Feb 08, 2023
CVSS 5.0
EPSS 0.00
CVE-2022-3920
MEDIUM
HashiCorp Consul 1.13.0-1.13.3 - Unauthenticated Information Disclosure via UI Endpoints
Nov 16, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-3867
LOW
HashiCorp Nomad <1.4.2 - Info Disclosure
Nov 10, 2022
CVSS 2.7
EPSS 0.00
Products
vault 72
nomad 38
consul 36
go-getter 10
vagrant_vmware_fusion 7
boundary 6
Nomad 5
Nomad Enterprise 5
Vault 5
Vault Enterprise 5
terraform 5
terraform_enterprise 5
Tooling 4
vagrant 4
Shared library 3
Consul 2
Consul Enterprise 2
go-slug 2
sentinel 2
terraform_provider 2
Boundary 1
Boundary Enterprise 1
Terraform Enterprise 1
consul-template 1
consul_docker_image 1
consul_template 1
go-retryablehttp 1
hermes 1
nomad-driver-exec2 1
packer 1
Quick Filters