hashicorp

201 tracked vulnerabilities.

CVE-2022-36130 CRITICAL
HashiCorp Boundary <0.10.1 - Privilege Escalation
Sep 01, 2022
CVSS 9.9
EPSS 0.00
CVE-2022-38149 HIGH
HashiCorp Consul Template <0.27.2, 0.28.2, 0.29.1 - Info Disclosure
Aug 17, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-36129 CRITICAL
HashiCorp Vault Enterprise <1.9.8, <1.10.5, <1.11.1 - Privilege Esc...
Jul 26, 2022
CVSS 9.1
EPSS 0.01
CVE-2022-30324 CRITICAL
HashiCorp Nomad 0.2.0-1.3.0 - Privilege Escalation via Artifact Stanza in Job Submission
Jun 02, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-30323 HIGH
go-getter <1.6.1, <2.1.0 - Info Disclosure
May 25, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-30322 HIGH
go-getter < 1.5.11 and 2.0.2 - Asymmetric Resource Exhaustion via Malicious HTTP Responses
May 25, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-30321 HIGH
HashiCorp go-getter < 1.5.11, 2.0.2 - Path Traversal and Command Injection
May 25, 2022
CVSS 8.6
EPSS 0.07
CVE-2022-26945 CRITICAL
go-getter <1.6.1-2.1.0 - Open Redirect
May 25, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-30689 MEDIUM
HashiCorp Vault <1.10.2 - Info Disclosure
May 17, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-29810 MEDIUM
Hashicorp go-getter < 1.5.11 - Sensitive Information Disclosure in Log Files
Apr 27, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-29153 HIGH NUCLEI
HashiCorp Consul <1.9.16-1.11.4 - SSRF
Apr 19, 2022
CVSS 7.5
EPSS 0.88
CVE-2022-25244 MEDIUM
HashiCorp Vault 1.7.0-1.7.9 - Authenticated Transform Key Exposure via Configuration Endpoint
Mar 10, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-25243 MEDIUM
Vault 1.8.0-1.8.8 and 1.9.3 - Improper Certificate Validation in PKI Secrets Engine
Mar 10, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-24685 HIGH
HashiCorp Nomad <1.0.17-1.2.5 - DoS
Feb 28, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25374 HIGH
Terraform Enterprise < 202202-1 - Sensitive Data Exposure via HTTP Request Logging
Feb 25, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-24687 MEDIUM
HashiCorp Consul <1.9.14-1.11.2 - Privilege Escalation
Feb 24, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-24683 HIGH
HashiCorp Nomad <1.2.5 - Info Disclosure
Feb 17, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-24684 MEDIUM
HashiCorp Nomad 0.9.0-1.0.16 1.1.11 1.2.5 - Denial of Service via Spread Job Stanza
Feb 15, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-24686 MEDIUM
HashiCorp Nomad <1.0.17-1.2.5 - Info Disclosure
Feb 14, 2022
CVSS 5.9
EPSS 0.00
CVE-2021-41803 HIGH
HashiCorp Consul 1.8.1-1.11.8, 1.12.4, 1.13.1 - Missing Authorization via JWT Claim Assertion
Sep 23, 2022
CVSS 7.1
EPSS 0.00
CVE-2021-44139 HIGH NUCLEI
Sentinel 1.8.2 - Server-Side Request Forgery
Mar 23, 2022
CVSS 7.5
EPSS 0.78
CVE-2021-45042 MEDIUM
HashiCorp Vault 1.4.0-1.7.6, 1.8.0-1.8.5, 1.9.0 - Authenticated Denial of Service via KV Secrets Engine
Dec 17, 2021
CVSS 4.9
EPSS 0.00
CVE-2021-41805 HIGH
HashiCorp Consul Enterprise < 1.8.17, 1.9.x < 1.9.11, 1.10.x < 1.10.4 - Incorrect Access Control via Namespace ACL Token
Dec 12, 2021
CVSS 8.8
EPSS 0.04
CVE-2021-43415 HIGH
HashiCorp Nomad <1.0.13, 1.1.7, 1.2.0 - Auth Bypass
Dec 03, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-43998 MEDIUM
HashiCorp Vault <1.7.5-1.8.4 - Info Disclosure
Nov 30, 2021
CVSS 6.5
EPSS 0.00
Products
vault 72 nomad 38 consul 36 go-getter 10 vagrant_vmware_fusion 7 boundary 6 terraform 5 terraform_enterprise 5 Vault 4 Vault Enterprise 4 vagrant 4 Tooling 3 Consul 2 Consul Enterprise 2 Nomad 2 Nomad Enterprise 2 Shared library 2 go-slug 2 sentinel 2 terraform_provider 2 Boundary 1 Boundary Enterprise 1 consul-template 1 consul_docker_image 1 consul_template 1 go-retryablehttp 1 hermes 1 nomad-driver-exec2 1 packer 1 retryablehttp 1
Quick Filters
Critical CVEs With Exploits In CISA KEV