Vulnerabilities > Hashicorp

| Date | CVE | Vulnerability title | Description | Access | Complexity | Vendor / CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2022-06-02 | CVE-2022-30324 | Unspecified vulnerability in Hashicorp Nomad | HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. | network | low complexity | hashicorp | 7.5 |
| 2022-05-25 | CVE-2022-26945 | Command Injection vulnerability in Hashicorp Go-Getter | go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. | network | low complexity | hashicorp CWE-77 | 7.5 |
| 2022-05-25 | CVE-2022-30321 | Unspecified vulnerability in Hashicorp Go-Getter | go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. | network | low complexity | hashicorp | 7.5 |
| 2022-05-25 | CVE-2022-30322 | Unspecified vulnerability in Hashicorp Go-Getter | go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. | network | low complexity | hashicorp | 7.5 |
| 2022-05-25 | CVE-2022-30323 | Unspecified vulnerability in Hashicorp Go-Getter | go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. | network | low complexity | hashicorp | 7.5 |
| 2022-05-17 | CVE-2022-30689 | Unspecified vulnerability in Hashicorp Vault 1.10.0/1.10.2 | HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. | network | low complexity | hashicorp | 5.0 |
| 2022-04-27 | CVE-2022-29810 | Information Exposure Through Log Files vulnerability in Hashicorp Go-Getter | The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. | local | low complexity | hashicorp CWE-532 | 2.1 |
| 2022-04-19 | CVE-2022-29153 | Server-Side Request Forgery (SSRF) vulnerability in Hashicorp Consul | HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. | network | low complexity | hashicorp CWE-918 | 5.0 |
| 2022-03-23 | CVE-2021-44139 | Server-Side Request Forgery (SSRF) vulnerability in Hashicorp Sentinel 1.8.2 | Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF). | network | low complexity | hashicorp CWE-918 | 5.0 |
| 2022-03-10 | CVE-2022-25243 | Improper Certificate Validation vulnerability in Hashicorp Vault | Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. | network | | hashicorp CWE-295 | 3.5 |