Vulnerabilities > Hashicorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-27 | CVE-2022-29810 | Information Exposure Through Log Files vulnerability in Hashicorp Go-Getter The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. | 2.1 |
| 2022-04-19 | CVE-2022-29153 | Server-Side Request Forgery (SSRF) vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. | 5.0 |
| 2022-03-23 | CVE-2021-44139 | Server-Side Request Forgery (SSRF) vulnerability in Hashicorp Sentinel 1.8.2 Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). | 5.0 |
| 2022-03-10 | CVE-2022-25243 | Improper Certificate Validation vulnerability in Hashicorp Vault "Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. | 3.5 |
| 2022-03-10 | CVE-2022-25244 | Unspecified vulnerability in Hashicorp Vault Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. | 4.0 |
| 2022-02-28 | CVE-2022-24685 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption. | 5.0 |
| 2022-02-25 | CVE-2022-25374 | Information Exposure Through Log Files vulnerability in Hashicorp Terraform Enterprise HashiCorp Terraform Enterprise before 202202-1 inserts Sensitive Information into a Log File. | 5.0 |
| 2022-02-24 | CVE-2022-24687 | Resource Exhaustion vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 has Uncontrolled Resource Consumption. | 3.5 |
| 2022-02-17 | CVE-2022-24683 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. | 7.8 |
| 2022-02-15 | CVE-2022-24684 | Resource Exhaustion vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption. | 4.0 |