Vulnerabilities > Hashicorp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-02 | CVE-2022-30324 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. | 7.5 |
| 2022-05-25 | CVE-2022-26945 | Command Injection vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. | 7.5 |
| 2022-05-25 | CVE-2022-30321 | Unspecified vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. | 7.5 |
| 2022-05-25 | CVE-2022-30322 | Unspecified vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. | 7.5 |
| 2022-05-25 | CVE-2022-30323 | Unspecified vulnerability in Hashicorp Go-Getter go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. | 7.5 |
| 2022-05-17 | CVE-2022-30689 | Unspecified vulnerability in Hashicorp Vault 1.10.0/1.10.2 HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. | 5.0 |
| 2022-04-27 | CVE-2022-29810 | Information Exposure Through Log Files vulnerability in Hashicorp Go-Getter The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. | 2.1 |
| 2022-04-19 | CVE-2022-29153 | Server-Side Request Forgery (SSRF) vulnerability in Hashicorp Consul HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. | 5.0 |
| 2022-03-23 | CVE-2021-44139 | Server-Side Request Forgery (SSRF) vulnerability in Hashicorp Sentinel 1.8.2 Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). | 5.0 |
| 2022-03-10 | CVE-2022-25243 | Improper Certificate Validation vulnerability in Hashicorp Vault "Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. | 3.5 |