Vulnerabilities > Hashicorp

DATE CVE VULNERABILITY TITLE RISK
2022-04-27 CVE-2022-29810 Information Exposure Through Log Files vulnerability in Hashicorp Go-Getter
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
local
low complexity
hashicorp CWE-532
2.1
2022-04-19 CVE-2022-29153 Server-Side Request Forgery (SSRF) vulnerability in Hashicorp Consul
HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF.
network
low complexity
hashicorp CWE-918
5.0
2022-03-23 CVE-2021-44139 Server-Side Request Forgery (SSRF) vulnerability in Hashicorp Sentinel 1.8.2
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).
network
low complexity
hashicorp CWE-918
5.0
2022-03-10 CVE-2022-25243 Improper Certificate Validation vulnerability in Hashicorp Vault
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false.
network
hashicorp CWE-295
3.5
2022-03-10 CVE-2022-25244 Unspecified vulnerability in Hashicorp Vault
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint.
network
low complexity
hashicorp
4.0
2022-02-28 CVE-2022-24685 Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption.
network
low complexity
hashicorp CWE-770
5.0
2022-02-25 CVE-2022-25374 Information Exposure Through Log Files vulnerability in Hashicorp Terraform Enterprise
HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File.
network
low complexity
hashicorp CWE-532
5.0
2022-02-24 CVE-2022-24687 Resource Exhaustion vulnerability in Hashicorp Consul
HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 has Uncontrolled Resource Consumption.
network
hashicorp CWE-400
3.5
2022-02-17 CVE-2022-24683 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root.
network
low complexity
hashicorp
7.8
2022-02-15 CVE-2022-24684 Resource Exhaustion vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption.
network
low complexity
hashicorp CWE-400
4.0