hashicorp
201 tracked vulnerabilities.
CVE-2023-3114
MEDIUM
Terraform Enterprise <202306-1 - Privilege Escalation
Jun 22, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-2121
MEDIUM
Vault < 1.11.11 - Cross-Site Scripting in KV v2 Diff Viewer
Jun 09, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-2816
HIGH
Consul 1.15.0-1.15.3 - Incorrect Privilege Assignment via Envoy Extension Downstream Proxy Configuration
Jun 02, 2023
CVSS 8.7
EPSS 0.00
CVE-2023-1297
MEDIUM
Consul 1.13.0-1.14.4 and 1.14.5-1.15.2 - Denial of Service via Cluster Peering
Jun 02, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-2197
LOW
HashiCorp Vault Enterprise <1.13.2 - Info Disclosure
May 01, 2023
CVSS 2.5
EPSS 0.00
CVE-2023-1782
CRITICAL
HashiCorp Nomad <1.5.3 - Auth Bypass
Apr 05, 2023
CVSS 9.9
EPSS 0.00
CVE-2023-25000
MEDIUM
HashiCorp Vault <1.13.1-1.12.5-1.11.9 - Info Disclosure
Mar 30, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-0665
MEDIUM
HashiCorp Vault < 1.11.9 - Improper Authorization in PKI Issuer Endpoint
Mar 30, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-0620
MEDIUM
HashiCorp Vault 0.8.0-1.13.1 - SQL Injection via MSSQL Database Storage Backend Configuration
Mar 30, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-1299
HIGH
Nomad 1.5.0 - Privilege Escalation via Workload Identity and Task API
Mar 14, 2023
CVSS 7.4
EPSS 0.00
CVE-2023-1296
LOW
HashiCorp Nomad 1.4.0-1.5.0 - Incorrect Access Control in Variable Deny Policies
Mar 14, 2023
CVSS 2.7
EPSS 0.00
CVE-2023-24999
MEDIUM
HashiCorp Vault < 1.10.11 - Authenticated Incorrect Authorization via AppRole Secret ID Destroy Endpoint
Mar 11, 2023
CVSS 4.4
EPSS 0.00
CVE-2023-0845
MEDIUM
Consul 1.14.0-1.14.5 - Authenticated Denial of Service via Ingress and API Gateway Configuration
Mar 09, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-0821
MEDIUM
HashiCorp Nomad <1.3.8-1.4.3 - Info Disclosure
Feb 16, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-0475
MEDIUM
HashiCorp go-getter <1.7.0, <2.2.0 - Decompression Bomb
Feb 16, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-0690
MEDIUM
HashiCorp Boundary 0.10.0-0.11.2 - Cleartext Storage of Sensitive Information in PKI Worker Credentials
Feb 08, 2023
CVSS 5.0
EPSS 0.00
CVE-2022-3920
MEDIUM
HashiCorp Consul 1.13.0-1.13.3 - Unauthenticated Information Disclosure via UI Endpoints
Nov 16, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-3867
LOW
HashiCorp Nomad <1.4.2 - Info Disclosure
Nov 10, 2022
CVSS 2.7
EPSS 0.00
CVE-2022-3866
MEDIUM
HashiCorp Nomad <1.4.2 - Info Disclosure
Nov 10, 2022
CVSS 5.0
EPSS 0.00
CVE-2022-36182
MEDIUM
HashiCorp Boundary < 0.11.0 - Clickjacking
Oct 27, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-41316
MEDIUM
HashiCorp Vault <1.12.0-1.9.10 - Info Disclosure
Oct 12, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-41606
MEDIUM
HashiCorp Nomad <1.2.12, <1.3.5 - DoS
Oct 12, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-42717
HIGH
Vagrant < 2.3.1 - Local Privilege Escalation via Sudoers Configuration
Oct 11, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-40716
MEDIUM
HashiCorp Consul <1.11.8-1.13.1 - Privilege Escalation
Sep 23, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-40186
CRITICAL
HashiCorp Vault < 1.9.9 and 1.11.0-1.11.3 - Authorization Bypass via Entity Alias Metadata Overwrite
Sep 22, 2022
CVSS 9.1
EPSS 0.00
Products
vault 72
nomad 38
consul 36
go-getter 10
vagrant_vmware_fusion 7
boundary 6
terraform 5
terraform_enterprise 5
Vault 4
Vault Enterprise 4
vagrant 4
Tooling 3
Consul 2
Consul Enterprise 2
Nomad 2
Nomad Enterprise 2
Shared library 2
go-slug 2
sentinel 2
terraform_provider 2
Boundary 1
Boundary Enterprise 1
consul-template 1
consul_docker_image 1
consul_template 1
go-retryablehttp 1
hermes 1
nomad-driver-exec2 1
packer 1
retryablehttp 1