Vulnerabilities > Hashicorp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-17 | CVE-2020-35453 | Improper Input Validation vulnerability in Hashicorp Vault. HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. | 5.0 |
2020-12-17 | CVE-2020-35177 | Information Exposure vulnerability in Hashicorp Vault. HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method. | 5.0 |
2020-12-17 | CVE-2020-35192 | Missing Authentication for Critical Function vulnerability in Hashicorp Vault. The official Vault Docker images before 0.11.6 contain a blank password for a root user. | 10.0 |
2020-12-08 | CVE-2020-29564 | Unspecified vulnerability in Hashicorp Consul Docker Image. The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. | 10.0 |
2020-12-03 | CVE-2020-29529 | Path Traversal vulnerability in Hashicorp Go-Slug. HashiCorp go-slug up to 0.4.3 did not fully protect against Zip Slip attacks while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. | 5.0 |
2020-11-24 | CVE-2020-28348 | Path Traversal vulnerability in Hashicorp Nomad. HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. | 6.3 |
2020-11-23 | CVE-2020-28053 | Incorrect Permission Assignment for Critical Resource vulnerability in Hashicorp Consul. HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. | 4.0 |
2020-11-04 | CVE-2020-25201 | Excessive Iteration vulnerability in Hashicorp Consul. HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. | 5.0 |
2020-10-22 | CVE-2020-27195 | Unspecified vulnerability in Hashicorp Nomad. HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. | 6.4 |
2020-09-30 | CVE-2020-25816 | Unspecified vulnerability in Hashicorp Vault. HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. | 7.5 |